05 09 2011
One of my favorite Debian packages is Bastille, a collection of scripts to harden computers. Sure, I could do all these things myself by hand, but it's nice to have an automated method that covers most things I would do anyway.
Bastille is fairly thorough, and happens to cover more than just Debian. Unfortunately, it seems to have become unmaintained, and while the version packaged for Debian still works fairly well, there have been some cracks. For one, even the experimental Debian package of Bastille doesn't support the (current) stable distribution of Debian. There is a quick fix for the "not a supported operating system" problem, but the previous packaging of Bastille has a statoverride umask problem where it sets the permissions of critical executables to 0000 (no read, write, execute or anything for anyone, not even root!).
I'm hoping that something better comes along, or someone starts maintaining it; it's tempting to do it myself, but to be honest, I have neither the time, inclination nor expertise to keep Bastille current for anything other than Debian.
posted at: 22:19 | path: | permanent link to this entry