“UbuntuHelp:BastilleLinux”的版本间的差异

2010年5月19日 (三) 21:40的最新版本

文章出处:

https://help.ubuntu.com/community/BastilleLinux

点击翻译:

English

请不要直接编辑翻译本页，本页将定期与来源同步。

The Bastille Linux project aims to provide an interactive tool for the purpose of performing additional security hardening measures to increase the over-all security, and decrease the susceptibility of compromise for your Ubuntu system. This guide is designed to assist in the installation, and execution of the Bastille Linux tool for the purpose of hardening the security of your Ubuntu system. IMPORTANT: Please be aware that Bastille Linux requires advanced knowledge, is site-specific and has several options that no longer apply to Ubuntu.

Target Audience

This guide is designed for intermediate to advanced users of Ubuntu, and is not recommended for beginners. The changes Bastille Linux can make to your Ubuntu system can potentially render parts of your system inoperative, or have other adverse affects. You should have a very good understanding of what will occur for every change you allow Bastille Linux to make, and understand any potential ramifications which may arise later from those changes. The author of this guide, the creators of Bastille Linux, and Ubuntu cannot be responsible for any adverse conditions with your Ubuntu system which may be caused by failure to understand what you are doing with Bastille Linux. You have been warned.

About Bastille Linux

The Bastille Linux package is available for your Ubuntu system via packages, and may be installed with the package tool you prefer (e.g. apt-get, aptitude, or Synaptic) via the UniversePackages. The package includes a user interface, and configuration engine. The primary user interface is an X interface using the Perl/Tk system, and there is also a Curses-based text interface as well. You may use Bastille Linux in two primary modes:

Interactively: Allows Bastille Linux to ask you a series of questions, with explanations of the concept involved and hardens your system according to your answers to those questions.
Non-Interactively: You may also edit a configuration file which may then be used with Bastille Linux to enforce the security hardening measures. This is a good way to automate the hardening of several servers, for example.

Bastille's security hardening measures come from widely accepted security best practices, such as the SANS Securing Linux Step by Step guides, Kurt Seifried's Linux Administrator's Security Guide, and other reputable security sources. Now that you have some idea about what Bastille Linux is, and does, we'll cover installation, and use of Bastille Linux.

Installing Bastille Linux

You must enable the Universe repository in order to install Bastille Linux. IMPORTANT: There is a problem with the package in 9.10 Karmic. You must install any of these packages first: bsd-mailx, mailx or mailutils. See Launchpad #434709 for details. It is reported to be fixed for 10.10 Lucid. The apt-get command, to be issued from a terminal prompt is as follows: sudo apt-get install bastille If you prefer Synaptic, perform a search for Bastille, mark the Bastille package for installation, and click the Apply button.

Using Bastille Linux

This guide will cover using the Interactive mode with Bastille Linux, and specifically, the X version of the interactive tool. The text mode interactive interface, and the non-interactive mode will be discussed in future revisions of this guide. To start Bastille Linux in the X-based interactive interface, open an instance of the Terminal application, and launch the Bastille Linux X-based interactive tool with root privileges, by typing the following at the prompt: sudo bastille -x IconsPage?action=AttachFile&do=get&target=IconDialog-Warning1.png If you receive an error such as: WARNING: /usr/bin/perl cannot find Perl module Tk. then you need to first install the perl-tk package via your preferred packaged manager, using the Universe Packages, for example with apt-get the following command issued from a terminal prompt will do: sudo apt-get install perl-tk Then try to start the Bastille Linux X-based interactive tool per the instructions above again. When you execute the Bastille Linux tool, a disclaimer is first printed to the terminal, and you must accept the terms of the disclaimer to proceed. Type accept when prompted, to continue executing the Bastille Linux tool. You should then see a graphical window appear, titled Bastille. You will begin at the Title Screen where you must next click the OK button to proceed. Upon clicking the OK button for the first time, the Bastille Linux X-based interactive tool will begin asking the questions, which appear in the Question text area, along with an explanation of the question being asked, which appears in the Explanation text area. Select the appropriate radio button control, (e.g. No or Yes) and click the OK button to continue to the next question. This guide will not address the questions and possible answers presented by the Bastille Linux X-based interactive tool, as that is beyond the scope of the guide. The reader of this guide is expected to read the associated manual pages, and websites referred to in the Resources section of this guide to properly understand the questions, and their results on the system. When you've reached the end of the questions, the Bastille Linux X-based interactive tool will ask if you are finished making changes to your Bastille configuration. If so, click the Yes radio button, and then click the OK button. A Save Configuration Changes dialog window will appear. Click the appropriate button to exit without saving changes, go back and change configuration, or save configuration. A Finishing Up dialog window will then appear. You may then click the appropriate button to exit without changing your system, go back and change configuration, or apply configuration to system. If you wish to have the changes you chose applied to your system at this time, click the Apply Configuration to System button now. A Credits window will appear, and you will also note much information in the Terminal window. You may see many ERROR entries in the output of the Terminal window. To determine what the ERROR entries refer to, and possibly make corrections to them, examine the log file /var/log/Bastille/error-log. Sometimes the ERROR conditions logged will contain suggestions to correct the problem, and should you choose to do so, you can then go back and re-run the Bastille Linux tool to re-apply changes.

Reverting Bastille Linux Changes

Should you decide that you would like to undo any, or all of the changes made to your Ubuntu system by Bastille Linux, you may use the RevertBastille command to undo all changes made by the Bastille Linux tool. For example, open a Terminal application, and type the following command at the prompt to revert (undo) the changes made by Bastille Linux: sudo RevertBastille After the RevertBastille tool finishes executing, the system will be configured as it was prior to hardening with Bastille Linux. For more information on functions, capabilities, and the non-interactive mode of Bastille Linux, refer to the resources provided below.

Resources

Additional information related to Bastille Linux, GNU/Linux security hardening guidelines are available via the following resources:

Local System Resources

`man bastille`	System manual page for the Bastille Linux `bastille` tool
`man bastillebackend`	System manual page for the Bastille Linux `BastilleBackEnd` tool
`man bastillechooser`	System manual page for the Bastille Linux `BastilleChooser` tool
`man revertbastille`	System manual page for the Bastille Linux `RevertBastille` tool
`man automatedbastilles`	System manual page for the Bastille Linux `AutomatedBastille` tool
`man interactivebastille`	System manual page for the Bastille Linux `InteractiveBastille` tool
`man undobastille`	System manual page for the Bastille Linux `{RevertBastille` / `UndoBastille` tool

WWW Resources

Bastille Linux Home Page Jay Beale's Linux/Unix Security Page Linux Administrator's Security Guide SANS Institute Website

@@ 第1行： / 第1行： @@
 {{From|https://help.ubuntu.com/community/BastilleLinux}}
-{{Languages|php5}}
+{{Languages|UbuntuHelp:BastilleLinux}}
 === Introduction ===
 The Bastille Linux project aims to provide an interactive tool for the purpose of performing additional security hardening measures to increase the over-all security, and decrease the susceptibility of compromise for your Ubuntu system.  This guide is designed to assist in the installation, and execution of the Bastille Linux tool for the purpose of hardening the security of your Ubuntu system.
+'''IMPORTANT:''' Please be aware that Bastille Linux requires advanced knowledge, is site-specific and has several options that no longer apply to Ubuntu.
 === Target Audience ===
 This guide is designed for intermediate to advanced users of Ubuntu, and is '''not recommended for beginners'''.  The changes Bastille Linux can make to your Ubuntu system can potentially render parts of your system inoperative, or have other adverse affects.  You should have a very good understanding of what will occur for every change you allow Bastille Linux to make, and understand any potential ramifications which may arise later from those changes.  The author of this guide, the creators of Bastille Linux, and Ubuntu cannot be responsible for any adverse conditions with your Ubuntu system which may be caused by failure to understand what you are doing with Bastille Linux.  You have been warned.
 === About Bastille Linux ===
 The Bastille Linux package is available for your Ubuntu system via packages, and may be installed with the package tool you prefer (e.g. <code><nowiki>apt-get</nowiki></code>, <code><nowiki>aptitude</nowiki></code>, or '''Synaptic''') via the UniversePackages.  The package includes a user interface, and configuration engine.  The primary user interface is an X interface using the Perl/Tk system, and there is also a Curses-based text interface as well.  You may use Bastille Linux in two primary modes:
+* Interactively: Allows Bastille Linux to ask you a series of questions, with explanations of the concept involved and hardens your system according to your answers to those questions.
-** Interactively: Allows Bastille Linux to ask you a series of questions, with explanations of the concept involved and hardens your system according to your answers to those questions.
+* Non-Interactively:  You may also edit a configuration file which may then be used with Bastille Linux to enforce the security hardening measures.  This is a good way to automate the hardening of several servers, for example.
-** Non-Interactively:  You may also edit a configuration file which may then be used with Bastille Linux to enforce the security hardening measures.  This is a good way to automate the hardening of several servers, for example.
 Bastille's security hardening measures come from widely accepted security best practices, such as the SANS ''Securing Linux Step by Step'' guides, Kurt Seifried's ''Linux Administrator's Security Guide'', and other reputable security sources.
 Now that you have some idea about what Bastille Linux is, and does, we'll cover installation, and use of Bastille Linux.
 ==== Installing Bastille Linux ====
 You must [[UbuntuHelp:Repositories|enable the Universe repository]] in order to install Bastille Linux.
+'''IMPORTANT:''' There is a problem with the package in 9.10 Karmic. You must install any of these packages first: bsd-mailx, mailx or mailutils. See [http://bugs.launchpad.net/ubuntu/+source/psad/+bug/434709 Launchpad #434709] for details. It is reported to be fixed for 10.10 Lucid.
 The <code><nowiki>apt-get</nowiki></code> command, to be issued from a terminal prompt is as follows:
 <code><nowiki>sudo apt-get install bastille</nowiki></code>
 If you prefer '''Synaptic''', perform a search for ''Bastille'', mark the Bastille package for installation, and click the ''Apply'' button.
 ==== Using Bastille Linux ====
 This guide will cover using the ''Interactive'' mode with Bastille Linux, and specifically, the X version of the interactive tool.  The text mode interactive interface, and the non-interactive mode will be discussed in future revisions of this guide.
 To start Bastille Linux in the X-based interactive interface, open an instance of the Terminal application, and launch the Bastille Linux X-based interactive tool with root privileges, by typing the following at the prompt:
 <code><nowiki>sudo bastille -x</nowiki></code>
 https://help.ubuntu.com/community/IconsPage?action=AttachFile&do=get&target=IconDialog-Warning1.png ''If you receive an error such as:  '''WARNING: /usr/bin/perl cannot find Perl module Tk.''' then you need to first install the '''perl-tk''' package via your preferred packaged manager, using the Universe Packages, for example with <code><nowiki>apt-get</nowiki></code> the following command issued from a terminal prompt will do:
 <code><nowiki>sudo apt-get install perl-tk</nowiki></code>
 Then try to start the Bastille Linux X-based interactive tool per the instructions above again.''
 When you execute the Bastille Linux tool, a disclaimer is first printed to the terminal, and you must accept the terms of the disclaimer to proceed.  Type ''accept'' when prompted, to continue executing the Bastille Linux tool.
 You should then see a graphical window appear, titled '''Bastille'''.
 You will begin at the '''Title Screen''' where you must next click the '''OK''' button to proceed.
 Upon clicking the '''OK'''  button for the first time, the Bastille Linux X-based interactive tool will begin asking the questions, which appear in the '''Question''' text area, along with an explanation of the question being asked, which appears in the '''Explanation''' text area.  Select the appropriate radio button control, (e.g. '''No''' or '''Yes''') and click the '''OK''' button to continue to the next question.
 This guide will not address the questions and possible answers presented by the Bastille Linux X-based interactive tool, as that is beyond the scope of the guide.  The reader of this guide is expected to read the associated manual pages, and websites referred to in the '''Resources''' section of this guide to properly understand the questions, and their results on the system.
 When you've reached the end of the questions, the Bastille Linux X-based interactive tool will ask if you are finished making changes to your Bastille configuration.  If so, click the '''Yes''' radio button, and then click the '''OK'''  button.  A '''Save Configuration Changes''' dialog window will appear.  Click the appropriate button to exit without saving changes, go back and change configuration, or save configuration.
 A '''Finishing Up''' dialog window will then appear.  You may then click the appropriate button to exit without changing your system, go back and change configuration, or apply configuration to system.  If you wish to have the changes you chose applied to your system at this time, click the '''Apply Configuration to System''' button now.
 A '''Credits''' window will appear, and you will also note much information in the Terminal window.  You may see many ERROR entries in the output of the Terminal window.  To determine what the ERROR entries refer to, and possibly make corrections to them, examine the log file <code><nowiki>/var/log/Bastille/error-log</nowiki></code>.  Sometimes the ERROR conditions logged will contain suggestions to correct the problem, and should you choose to do so, you can then go back and re-run the Bastille Linux tool to re-apply changes.
 ==== Reverting Bastille Linux Changes ====
 Should you decide that you would like to undo any, or all of the changes made to your Ubuntu system by Bastille Linux, you may use the <code><nowiki>RevertBastille</nowiki></code> command to undo all changes made by the Bastille Linux tool.  For example, open a Terminal application, and type the following command at the prompt to revert (undo) the changes made by Bastille Linux:
 <code><nowiki>sudo RevertBastille</nowiki></code>
 After the <code><nowiki>RevertBastille</nowiki></code> tool finishes executing, the system will be configured as it was prior to hardening with Bastille Linux.
 For more information on functions, capabilities, and the non-interactive mode of Bastille Linux, refer to the resources provided below.
 === Resources ===
 Additional information related to Bastille Linux, GNU/Linux security hardening guidelines are available via the following resources:
 ==== Local System Resources ====
+{|border="1" cellspacing="0"
-||<style="background:#F1F1ED;"><code><nowiki>man bastille</nowiki></code>|| System manual page for the  Bastille Linux <code><nowiki>bastille</nowiki></code> tool||
+|<code><nowiki>man bastille</nowiki></code>|| System manual page for the  Bastille Linux <code><nowiki>bastille</nowiki></code> tool
-||<style="background:#F1F1ED;"><code><nowiki>man bastillebackend</nowiki></code>|| System manual page for the  Bastille Linux <code><nowiki>BastilleBackEnd</nowiki></code> tool||
+|-
-||<style="background:#F1F1ED;"><code><nowiki>man bastillechooser</nowiki></code>|| System manual page for the  Bastille Linux <code><nowiki>BastilleChooser</nowiki></code> tool||
+|<code><nowiki>man bastillebackend</nowiki></code>|| System manual page for the  Bastille Linux <code><nowiki>BastilleBackEnd</nowiki></code> tool
-||<style="background:#F1F1ED;"><code><nowiki>man revertbastille</nowiki></code>|| System manual page for the  Bastille Linux <code><nowiki>RevertBastille</nowiki></code> tool||
+|-
-||<style="background:#F1F1ED;"><code><nowiki>man automatedbastilles</nowiki></code>|| System manual page for the  Bastille Linux <code><nowiki>AutomatedBastille</nowiki></code> tool||
+|<code><nowiki>man bastillechooser</nowiki></code>|| System manual page for the  Bastille Linux <code><nowiki>BastilleChooser</nowiki></code> tool
-||<style="background:#F1F1ED;"><code><nowiki>man interactivebastille</nowiki></code>|| System manual page for the  Bastille Linux <code><nowiki>InteractiveBastille</nowiki></code> tool||
+|-
-||<style="background:#F1F1ED;"><code><nowiki>man undobastille</nowiki></code>|| System manual page for the  Bastille Linux <code><nowiki>{RevertBastille</nowiki></code> / <code><nowiki>UndoBastille</nowiki></code> tool||
+|<code><nowiki>man revertbastille</nowiki></code>|| System manual page for the  Bastille Linux <code><nowiki>RevertBastille</nowiki></code> tool
+|-
+|<code><nowiki>man automatedbastilles</nowiki></code>|| System manual page for the  Bastille Linux <code><nowiki>AutomatedBastille</nowiki></code> tool
+|-
+|<code><nowiki>man interactivebastille</nowiki></code>|| System manual page for the  Bastille Linux <code><nowiki>InteractiveBastille</nowiki></code> tool
+|-
+|<code><nowiki>man undobastille</nowiki></code>|| System manual page for the  Bastille Linux <code><nowiki>{RevertBastille</nowiki></code> / <code><nowiki>UndoBastille</nowiki></code> tool
+|}
 ==== WWW Resources ====
-[http://www.bastille-linux.org/ Bastille Linux Home Page]
+[http://www.bastille-unix.org/ Bastille Linux Home Page]
+[http://www.bastille-unix.org/jay/ Jay Beale's Linux/Unix Security Page]
-[http://www.bastille-linux.org/jay/ Jay Beale's UNIX/Linux Security Page]
 [http://www.seifried.org/lasg/ Linux Administrator's Security Guide]
 [https://www.sans.org/ SANS Institute Website]
 ----
-CategorySecurity
+[[category:CategorySecurity]]
 [[category:UbuntuHelp]]

个人工具

“UbuntuHelp:BastilleLinux”的版本间的差异 - Ubuntu中文

搜索

导航

编辑

工具