bastille on rhel6

Latest response

hi all,

 

one new guy ro rhel. background is hp-ux.

 

i need some real instructions of installing and making bastlle work on rhel6.2

 

there is a lot of noise out there about how this works. Any one have clear cut instructions?

 

thanks

 

jim

Responses

Hi Jim,

 

since you mention HPUX "bastille", I guess you are not looking for SELinux policy tuning or other "finegrained" material, but more for a rough starting point. We recently "released" a system to our customers that is based on RHEL6.2 and I did the hardening based on the NSA Hardening guideline for RHEL5, here:

http://www.nsa.gov/ia/mitigation_guidance/security_configuration_guides/operating_systems.shtml

 

Those instructions still work, and in connection with up-to-date packages (i.e. follow the RH errata!!) and a tight iptables setup, we had our system checked by several independent auditors/customers and received quite positive feedback. It worked fine for us, even if the instructions are not the latest.

 

If you need to do more, then it's about the usual stuff : combing through filesystems and remove whatever you dont need, keep the kernel lean (i.e. try to remove all unneeded modules as it is also described in the NSA doc) and set up proper administration and monitoring jobs&scripts. All not new and not so different from good-old HPUX....