There are about 26 questions asked by Bastille linux when you run "$bastille -c" in the order below:-
Once you answer yes [Y] to the last question, bastille linux will make the appropriate modifications to the system. Additionally, you can run a report using command
$sudo bastille --report
and the reports will be stored under /var/log/Bastille/Assessment/assessment-report.txt. It also contains a net score of how hard the system is, e.g. 8.87/10 based on the options you have chosen for the questions it prompted.
- Q: Would you like to set more restrictive permissions on the administration utilities? [N]
- Q: Would you like to disable SUID status for mount/umount?[Y]
- Q: Would you like to disable SUID status for ping? [Y]
- Q: Would you like to disable SUID status for at? [Y]
- Q: Would you like to disable SUID status for usernetctl? [Y]
- Q: Should Bastille disable clear-text r-protocols that use IP-based authentication? [Y]
- Q: Would you like to enforce password aging? [Y]
- Q: Do you want to set the default umask? [Y]
- Q: What umask would you like to set for users on the system? [077]
- Q: Should we disallow root login on tty's 1-6? [N]
- Q: Would you like to password-protect the GRUB prompt? [N]
- Q: Would you like to password protect single-user mode? [Y]
- Q: Would you like to set a default-deny on TCP Wrappers and xinetd? [N]Not recommended for most users
- Q: Would you like to display "Authorized Use" messages at log-in time[Y]
- Q: Who is responsible for granting authorization to use this machine?
- Q: Would you like to put limits on system resource usage? [N]
- Q: Should we restrict console access to a small group of user accounts? [N]
- Q: Would you like to add additional logging? [Y]
- Q: Do you have a remote logging host? [N]
- Q: Would you like to set up process accounting? [N]
- Q: Would you like to deactivate NFS and Samba? [Y]
- Q: Would you like to deactivate the HP OfficeJet (hpoj) script on this machine?[Y]
- Q: Would you like to deactivate the ISDN script on this machine?[Y]
- Q: Would you like to install TMPDIR/TMP scripts? [N]->[Y]
- Q: Would you like to run the packet filtering script? [N]
- Q: Are you finished answering the questions, i.e. may we make the changes?[Y]
Once you answer yes [Y] to the last question, bastille linux will make the appropriate modifications to the system. Additionally, you can run a report using command
$sudo bastille --report
and the reports will be stored under /var/log/Bastille/Assessment/assessment-report.txt. It also contains a net score of how hard the system is, e.g. 8.87/10 based on the options you have chosen for the questions it prompted.
No comments:
Post a Comment