We've actually implemented pretty much all of the Bastille functionality in our system admin tool (puppet). So instead of running bastille we let puppet handle this sort of thing. This way it's pretty easy to add or remove security policies without having to make changes to a script like bastille. On 8/30/09, mark <m.roth@xxxxxxxxx> wrote: > > Kristopher Kane wrote: > > Hello, > > > > The U.S. NSA has two guides on securing RHEL5: > > > > > http://www.nsa.gov/ia/guidance/security_configuration_guides/operating_systems.shtml#linux2 > > Consider Bastille Linux. It's not a distro, but a set of hardening scripts > that > I understand NIST's recommendations on hardening use most of. I've used it > on > my own firewall/router, and have been on broadband since 98 or 99, and to > the > best of my knowledge, have never had an intrusion. > > mark > > -- > >From CNN (11/19/2008): "Retiring GOP Congressman Tom Davis memorably > declared > that if Republicans were a dog food, they'd be pulled off the shelves." > > -- > redhat-list mailing list > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe > https://www.redhat.com/mailman/listinfo/redhat-list > -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
