Kevin Fenzi wrote, On 12/13/2008 07:56 PM:
On Thu, 11 Dec 2008 11:06:54 -0500
DAVID.C.MCGUFFEY@xxxxxxxx ("McGuffey, David C.") wrote:
Anyone tested the Bastille hardening process on F10? In a few days
I'll be building an F10 box and plan to lock it down. Would be nice
to start with Bastille rather than having keep tweaking old scripts.
I have never been too clear about the reason for the existance of
Bastille. If there are improvements to be made in Fedora's security out
of the box, perhaps we could just make them?
In any case if you have selinux enabled, apply updates in a timely
manner and use a firewall you should be in pretty good shape.
Certain paranoid (they are out to get us :) organizations have rules that
indicate that: if certain capabilities of a computer system are not needed to
accomplish the job assigned for that computer, then
remove|block|disable|destroy that capability.
i.e., if the job does not need USB capability, remove USB capability from the
OS or put hotglue in the ports.
Bastille has been getting upgrades lately to check and set things in the Linux
based OSs to the standards of some of those organizations, leaving the
hardware available for use if the machine gets repurposed.
Dave McGuffey
Principal Information System Security Engineer // NSA-IEM, NSA-IAM
SAIC, IISBU, Columbia, MD
kevin
--
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
