In the previous article, I covered some of the features of Bastille. In this article, I will cover downloading, installing and running Bastille, and undoing changes.
Downloading Bastille
Bastille is available for free download at Sourceforge’s Bastille page. The program is offered in tarball and rpm format. It must be installed by a root user in his or her root directory. Ensure the perl/tk library installed on your system, since Bastille is a collection of Perl scripts.
The program automatically implements the administrator’s preferences based on the answers to the questions, and saves them in the /root/Bastille/config file.
If you’re using Ubuntu, you can use apt-get to install Bastille, with the following command:
sudo apt-get install bastille
Of course, if you receive an error such as WARNING: /usr/bin/perl cannot find Perl module Tk, then you need to first install the perl-tk package, with the following command:
sudo apt-get install perl
Bastille allows the same configuration to be implemented on other systems. In order to do this, administrators need to install Bastille on that machine, copy the config file and the BackEnd file to the new system’s ~/Bastille directory, and then run this command:
BastilleBackend
style="display:inline-block;width:728px;height:90px"
data-ad-client="ca-pub-8834983181171783"
data-ad-slot="8926342897">
Installation and Configuration
To install and configure Bastille, do the following:
- Log in as root.
- Download the rpm file to your root directory.
- Double-click on the package icon in the GUI or use this command-line command: rpm -i Bastille-versionnum.noarch.rpm
- To run Bastille GUI, enter the following in the Bastille directory:,/bastille
- All choices you implement in Bastille are logged to the /root/Bastille/config file. It is remommended that you make a backup of the config file before running Bastille and keep a manual log.
- Next, the opening screen appears, identifying how to navigate through the Bastille configuration process. Select Next to access the first configuration screen.
- Next, Bastille leads you through a series of questions. Go through the explanation given below every question and understand the changes Bastille will perform based on your choice.
- Bastille will next ask you if you want to implement these changes. Select Save Configuration if you want to just save the configuration with applying any changes. Select Exit Without Saving if you want to discard the changes. Select Go Back and Change Configuration if you want to apply the changes.
- If you implemented password aging to 60 says, you may want to observe the changes made to the login.def file (found in the /etc directory).
- If you applied limits to the system resources by limiting users to 150 processes, you may want to observe the changes to the limits.conf file (found in the /etc/security directory).
style="display:inline-block;width:180px;height:90px"
data-ad-client="ca-pub-8834983181171783"
data-ad-slot="8138242896">
Undoing Changes
If you want to undo changes made to your system by Bastille, this can be a bit tricky. At one time, all that was included with Bastille was a Perl script called Undo.pl that was designed to undo all changes except for RPM installations. This has changed, and now Bastille has an undo/revert program called RevertBastille that restores all the configuration files and other O/S state settings to exactly where they were before installing Bastille.
Of course, this will probably not be a good option if you installed Bastille a long time ago and have made a lot of changes to your system since then. For this reason, it is a good idea to keep a log of all the changes made with Bastille, so you can undo changes as needed, possibly by running through the Bastille configuration questions again and selecting different answers. Another option is to manually remove the changes by replacing each of the configuration files changed with the backup files in the Bastille directory. The backup directory is located at:
/root/Bastille/undo/backup
It should be noted that merely uninstalling Bastille will not undo the changes made by Bastille. The changes will still be written to the specific configuration files modified by Bastille, and unless you restore the original configuration files, the changes will persist.
External Links:
BastilleLinux at help.ubuntu.com
The post Implementing Bastille appeared first on pfSense Setup HQ.