December 4, 2006

Bastille: rated security with education

Author: Bruce Byfield

Bastille is a program for improving system security on Debian, Fedora, Gentoo, Mandriva, Red Hat Enterprise Linux, and SUSE. Unlike packet sniffers, anti-virus programs, and the majority of security programs available today, Bastille does not wait to react to possible security breaches, but prevents them by removing system vulnerabilities. With many distributions softening security in their default installations in the name of convenience, this approach is enough by itself to make Bastille an essential program.

Bastille is more than just a system hardener. With its assessment tool, Bastille gives a system security rating, comparable to that provided by the Center for Internet Security benchmark, that allows you to see the relative effects of individual security choices. Moreover, because it runs interactively, explaining the possible choices at each step and giving users every opportunity to back out of changes before committing them, using Bastille also amounts to taking a brief but thorough introductory tutorial on GNU/Linux security.

If you are serious about system security, then you should probably start by customizing every possible option during installation of your operating system, so that you know exactly what is on your system. However, even if you reject this approach as too time-consuming, you can still improve your system's security by installing and running Bastille immediately after installation.

The download page includes the latest packages for each supported distribution. If you want to use the graphical interface, you should also install the perl-tk package from your distribution's repositories. You may be able to install Bastille itself from your distribution's repositories, but check the version number. Debian, for one, only carries the latest version, 1:3.0.9, in its experimental repository. Fortunately, the dependencies are insignificant enough that installing it won't trash your system if you're using unstable or testing. Earlier releases are still useful, but lack some features, such as the assessment rating. This article will deal with the latest version of Bastille, so some examples may not work with earlier releases.

As a first step, log in as root and enter bastille -a to receive an assessment of the current state of security on a ten-point scale. This scale is neither absolute nor cumulative -- in other words, scoring a perfect ten means only that you have taken every precaution, not that your system is invulnerable to attacks, and a score of ten does not mean that your system is twice as secure as one that scores five.

However, it does serve as a general indicator of the overall security of a system. The assessment checks for standard security measures such as the services running or the default permissions for a new file, assigning each item a weight according to its importance. If you're a security expert, you can customize the weighting, but most users will probably be content with the default ones.

If you record the initial results, which are available in /var/log/Bastille/Assessment in text and HTML formats, then run Bastille interactively and do another assessment, you will get a clear idea of exactly how much you've improved security, as well as the importance of individual options. If my experiences on two Debian testing installations are typical, then, depending on your distribution, you can probably expect an improvement in the assessment from around 6.0 to over 8.0 without any inconvenience -- a clear and significant improvement over the off-the-CD settings.
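To make the weighting idea and the before-and-after comparison concrete, here is a small POSIX shell script that scores a handful of hardening checks on a ten-point scale in the same spirit. It is an added illustration, not Bastille's own assessment code: the four checks, their weights, the threshold of two listening sockets and the sample "before" and "after" observations are all constructed for this example, and the live-mode probes (umask, /proc/net/tcp, a password line in /boot/grub/menu.lst, ulimit -u) are assumptions about a typical 2006-era Linux workstation rather than anything Bastille itself inspects.

```shell
#!/bin/sh
# Constructed example of a weighted hardening assessment modelled on the idea
# behind "bastille -a": each check carries a weight, and the score is the
# weighted fraction of checks passed, scaled to ten. Not Bastille's code.

# Each check takes its observation as an argument, so it can be run against
# live values or against constructed ones. Exit status 0 means "pass".

# A umask of 027 or 077 keeps new files from being readable by "other".
umask_is_restrictive() {
    case "$1" in
        *027|*077) return 0 ;;
        *)         return 1 ;;
    esac
}

# Few listening TCP sockets means a smaller attack surface on a workstation.
# $1 = observed count, $2 = maximum allowed (threshold chosen for this example).
listeners_at_most() { [ "$1" -le "$2" ]; }

# GRUB (legacy) password protects single-user mode; input is "yes" or "no".
grub_is_password_protected() { [ "$1" = "yes" ]; }

# A finite per-user process limit blunts fork-bomb style denial of service.
process_limit_is_set() { [ "$1" != "unlimited" ]; }

# run_check WEIGHT NAME CHECK ARGS...: print one "weight result name" line.
run_check() {
    w=$1; name=$2; shift 2
    if "$@"; then r=1; else r=0; fi
    printf '%s %s %s\n' "$w" "$r" "$name"
}

# score_report: read "weight result ..." lines on stdin and print the score on
# a ten-point scale with one decimal. Like Bastille's scale it is relative:
# 10.0 means every check here passed, not that the machine is invulnerable.
score_report() {
    awk '{ total += $1; if ($2 == 1) passed += $1 }
         END { if (total == 0) print "0.0"; else printf "%.1f\n", 10 * passed / total }'
}

# assess UMASK LISTENERS GRUB_PW NPROC: score one set of observations.
# Weights are constructed for this example (3+3+2+2 = 10).
assess() {
    {
        run_check 3 umask         umask_is_restrictive "$1"
        run_check 3 listeners     listeners_at_most "$2" 2
        run_check 2 grub_password grub_is_password_protected "$3"
        run_check 2 process_limit process_limit_is_set "$4"
    } | score_report
}

# Live probes (Linux, assumptions for this example): count LISTEN sockets
# (state 0A) from /proc/net/tcp, and look for a "password" line in GRUB legacy's menu.lst.
count_listeners() {
    if [ -r /proc/net/tcp ]; then
        awk 'NR > 1 && $4 == "0A" { n++ } END { print n + 0 }' /proc/net/tcp
    else
        echo 0
    fi
}

grub_password_state() {
    if [ -r /boot/grub/menu.lst ] && grep -q '^password' /boot/grub/menu.lst; then
        echo yes
    else
        echo no
    fi
}

# Constructed "off-the-CD" observations versus the same machine after hardening,
# then the live machine when invoked as: sh assess.sh --live
if [ "${1:-}" = "--live" ]; then
    echo "before (constructed): $(assess 0022 6 no unlimited)"
    echo "after  (constructed): $(assess 0027 1 yes 4096)"
    echo "this machine:         $(assess "$(umask)" "$(count_listeners)" "$(grub_password_state)" "$(ulimit -u)")"
fi
```

Run it once before hardening and once after, and keep both scores alongside the reports Bastille writes to /var/log/Bastille/Assessment; because each check is weighted, changing a single item shows exactly how much that item is worth on the scale.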

Running Bastille interactively

To start the process of hardening your system, enter either bastille to run the Perl/Tk graphical interface or bastille -c to run the text-based Perl/Curses interface. Either way, the program presents you with a series of screens that briefly explain security issues and choices, then give you a chance either to make a choice or add your own input.

Security choices in Bastille are grouped into 14 separate sections. These sections are listed in a table of contents on the left of the Perl/Tk interface, where each listing is checked as it is completed. Each section is divided into separate screens. Usually, each issue is given its own screen, although some may be prefaced with introductory screens.

Most screens have a default selection that strikes a reasonable balance between security and user convenience. For example, in setting the default permissions for new files, Bastille is designed with the reasonable assumption that more restrictive settings will neither be a hardship for users nor leave the system in an unusable state. By contrast, although Bastille suggests that you turn off printing if you can, the defaults assume that you won't want to do so. If you go through Bastille and accept only the defaults, the results may not be quite as secure as they could be, but neither should they prevent normal desktop use.

However, simply accepting the defaults means that you are cheating yourself of the chance to learn more about security. If you don't already know, Bastille explains such topics as why you might want to password-protect the GRUB boot manager, or at least single-user mode, why certain services should be disabled on your workstation, and how setting limits on the resources available to users can prevent denial of service attacks. If you already understand such topics, Bastille offers a convenient summary of the pros and cons of the available choices. Either way, Bastille is one of the clearest and most succinct primers on security available.

When you select the Explain Less button, you get only a high-level summary of each issue. However, select the Explain More button, and you also get a careful consideration of the possible choices, and, in several places, a recommendation of the best one -- or, at least, the one to choose if you are uncertain.

Once or twice, Bastille requires input, and not just a selection of a Yes or No radio button, but, even then, the text usually gives a few of the more likely options. The only sections that require real expertise are the Firewall and Port Scan Attack Detector, where you may need to know hosts or Ethernet card devices and have a basic knowledge of ports. Yet, even in these places, accepting the defaults will give basic functionality. However, if users follow Bastille's advice and do not activate the firewall immediately, they do need to copy the commands for testing and activating it.

Before exiting the Firewall section, users should also record the commands needed to test the firewall and configure it to start at bootup, rather than having it automatically configured.

Depending on your knowledge of security, and how you choose to work with Bastille, going through the interactive part should take 15-45 minutes. At the end of the process, you can either discard your choices or save them and apply them in separate steps -- precautions that should be especially welcome if your security knowledge is lacking. In fact, novices might want to do a dry run first to absorb the information that Bastille provides so that, when they actually make their choices, they have absorbed enough basic facts to feel comfortable.

Should you get overzealous with the firewall or any other option and accidentally lock yourself out of your desktop, then entering bastille -r or RevertBastille will undo all the changes that Bastille makes.

The best of both worlds

Too often, the move to desktop utilities from command-line ones means giving up any understanding of what the system is doing. Bastille, however, is a rare exception to this tendency. Security architecture depends on the administrator knowing what has been done to the system, and, in bringing security architecture to non-experts, Bastille does not abandon this basic principle. Except in one or two instances, it explains exactly what is done, and which files are being modified. This practice has been a tendency of Bastille for several releases, but, unlike the general run of graphical programs, its current version not only continues it, but applies it more consistently.

Security experts may have little need of Bastille, although even they might find it a convenient checklist. However, for the rest of us, Bastille is both practical and educational. I consider it one of the few absolutely essential programs for GNU/Linux, and I recommend it with only the minor reservation that I hope its interactive section will continue to improve so that I can learn more from it.

Bruce Byfield is a course designer and instructor, and a computer journalist who writes regularly for NewsForge, Linux.com, and IT Manager's Journal.

Category:

  • Security