On Jun 13, 2007, john lokka wrote:
Hopefully, this will answer most of your questions
-----Original Message-----
From: listbounce@securityfocus.com
[mailto:listbounce@securityfocus.com] On Behalf Of ahm_irf@yahoo.com
Sent: Tuesday, June 12, 2007 9:52 PM
To: focus-ids@securityfocus.com
Subject: Information required about Bastille-linux
1) I need to know advantages and disadvatages of Bastille-linux
Advantages - locks down red hat and mandrake linux platforms
- created via scripts (don't remember which language)
- easily modifible
- has a verification function (compare and contrast
between the "stored" baseline and the actual implementation
Disadvantages - none really.
2) how sound Bastille-linux is in terms of intrusion detection. Is
there any criteria through which we can compare or measure its
soundness.
Bastille does not monitor for intrusion detection. Bastille is a
lockdown (permissions, open ports) script
While it's true that the focus of Bastille is not intrusion
detection, it does have the ability to configure psad:
http://www.cipherdyne.org/psad/
This allows attacks to be detected via an iptables policy that is
configured in a default log-and-drop stance.
--
Michael Rash
http://www.cipherdyne.org/
Key fingerprint = 53EA 13EA 472E 3771 894F AC69 95D8 5D6B A742 839F
------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to
http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
to learn more.
------------------------------------------------------------------------
