CIS403_Hardening_Linux_Lab

CIS403_Hardening_Linux_Lab - Purpose: This lab demonstrates...

Info iconThis preview shows pages 1–3. Sign up to view the full content.

View Full Document Right Arrow Icon
Purpose: This lab demonstrates how to use Jay Bealle’s “Bastille” to configure a Unix/Linux bastion host in accordance with the operating system benchmarks created by the Center for Internet Security. Resources: - Basille-linux: http://www.bastille-linux.org/running_bastille_on.htm - Operating System Benchmarks: http://www.cisecurity.org/bench.html Objectives: - Configure a Unix/Linux bastion host computer. Background: Bastille has 2 modes of operation: 1. Assessment and Reporting Mode 2. Hardening Mode Assessment and Reporting Mode: Bastille has the ability to assess a system and tell you what parts of the system are not “ locked down”. It does this by examining the system in a read-only fashion and reporting on the status of each of its “hardening” items. For example, Bastille might check whether the DNS server is locked in a chroot prison, whether telnet is turned off, or even if a minimum password length is required. You can take a look at a Web-only demo of this through this link . Bastille's reporting functionality will assign a score, using weights you supply. These weights allow you to make some items count more than others, or even not count at all. You can use the default weights, you can use weights provided by one of the standards bodies or you can use your own organization's locally created weighting system. How Do I Use It? The assessment and reporting functionality is very easy to use. First, take a look at sample report to understand what it does. Next, just install Bastille on your system and run it with one of these command line arguments: bastille --assess ( Assessment / Reporting mode ) bastille --assessnobrowser ( Assessment mode without report display ) Bastille will create three versions of the report, which it places in /var/log/Bastille/Assessment: File Version audit-report.html Full HTML version with javascript audit-report.txt Text-only version audit-log.txt Machine-parseable text version) This report will include details and a score. Hardening Mode:
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
In Hardening mode Bastille "locks down" an operating system, proactively configuring the system for increased security and decreasing its susceptibility to compromise. To do this, Bastille will ask the Administrator a series of questions. It will then use the answers to these questions to reconfigure the system. Bastille keeps a thorough record of all changes made and
Background image of page 2
Image of page 3
This is the end of the preview. Sign up to access the rest of the document.

This note was uploaded on 09/09/2011 for the course CIS CIS403 taught by Professor Mr.t during the Spring '11 term at ECPI College of Technology.

Page1 / 5

CIS403_Hardening_Linux_Lab - Purpose: This lab demonstrates...

This preview shows document pages 1 - 3. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online