Recent changes to feature-requests

test_AccountSecurity.pm limit find

2014-08-29T13:12:34.479000Z

The test_AccountSecurity.pm allows for a variable to limit the 'find' on files from certain paths. This could be improved to avoid edits to perl module source code. By adding an option to the bastille command line to avoid certain paths or adding a config file of path exclusions. Limiting find command on large database servers is certainly needed, otherwise the find will run for a very long time.

IOLoader.pm updates

2014-08-29T13:07:10.163000Z

I have been using Bastille on HP-UX. The IOLoader.pm needs changing to allow two things

1) Allow the path of the 'img src' html tag to be something other than the path on HP-UX of /opt/sec_mgmt/bastille/lib to that of Apache webserver. This could be done using bastille command line option or in a config file.
2) title and h1 html tags need to allow for hostnames. These is needed when multiple bastille audit reports are posted on a website. It make identifying what box the report came easier to see. Also date should be added to h1 html tag. I customized hostname/date requirments using Sys::Hostname and localtime in the perl mod.

Support for RHEL 6 / CentOS 6

2013-01-22T23:00:33Z

Probably a pipe dream...

Support for Fedora Core 10

2009-04-22T14:46:38Z

My company recently went through PCI certification.

Bastille was actually listed as the primary tool to harden an internet facing, web server that takes or comes into contact with credit card information.

Unfortunately, Bastille would not run as it doesn't support Fedora Core 10 (to my knowledge)

Please contact me if I can be of any assistance; I have a few test environments I can play with; this has been deamed important enough that I can dedicate some time to it

Let me know if I can help
-Mario
mgiambanco@gmail.com

Bastille on Leopard

2008-08-17T10:34:00Z

Bastille at present still doesn't run on Mac OS X 10.5 Leopard.
When will it be ported?

Thanks,
Best regards.

Al.

support for RHEL5 - Server

2008-04-24T21:05:29Z

there is no supported operating system for RHEL5 - can you put that in?

Fedora Core 6 support

2008-01-08T08:02:08Z

When do you estimate to release a version that will support Fedora Core 6?

From Stuart.Robin@sea.co.uk

Fedora Core 6 support

2007-03-09T20:38:44Z

[root@localhost ~]# bastille -c
ERROR: 'RHFC6' is not a supported operating system.
Valid operating system versions are as follows:
OSX:
'OSX10.2' 'OSX10.3' 'OSX10.4'
HP-UX:
'HP-UX11.00' 'HP-UX11.11' 'HP-UX11.22' 'HP-UX11.23' 'HP-UX11.31'

LINUX:
'DB2.2' 'DB3.0' 'RH6.0' 'RH6.1' 'RH6.2'
'RH7.0' 'RH7.1' 'RH7.2' 'RH7.3' 'RH8.0'
'RH9' 'RHEL4AS' 'RHEL4ES' 'RHEL4WS' 'RHEL3AS'
'RHEL3ES' 'RHEL3WS' 'RHEL2AS' 'RHEL2ES' 'RHEL2WS'
'RHFC1' 'RHFC2' 'RHFC3' 'RHFC4' 'RHFC5'
'MN6.0' 'MN6.1 ' 'MN7.0' 'MN7.1' 'MN7.2'
'MN8.0' 'MN8.1' 'MN8.2' 'MN9.2' 'MN10.0'
'MN10.1' 'MN2006.0' 'SE7.2' 'SE7.3' 'SE8.0'
'SE8.1' 'SE9.0' 'SE9.1' 'SE9.2' 'SE9.3'
'SE10.0' 'SESLES8' 'SESLES9' 'TB7.0'

No mails in hosts.allow

2005-12-09T11:31:11Z

I'd recommend that you do not send mails within the
hosts.allow file (ALL : ALL : spawn
(/usr/sbin/safe_finger -l @%h | /bin/mail -s "Port
Denial noted %d-%h" root) & : DENY).

Imagine what happens if you install sendmail, but
forget to add an entry in the hosts.allow file to
allow sendmail...

This exactly happened to me. I had tens of thousands
e-mails in the sendmail queue after an hour. Every
mail that was tried to be sent from within
hosts.allow caused another mail to be sent out, which
caused another one, which....

I'd prefer something like this:
ALL : ALL : spawn (/usr/sbin/safe_finger -l @%h
| /usr/bin/logger -p authpriv.warning -t
hosts.allow "Port Denial noted %d-%h" root) & : DENY

It would be great, if the user could choose, what
action has to be taken during the set-up of bastille
(send mail, log it to the syslogger, etc.)

Regards

James

SuSE 9.3 Support

2005-05-31T10:27:29Z

...