[ubuntu-hardened] msec, Bastille port?

fernando . soporte_altex at hotmail.com
Fri Oct 21 09:59:18 CDT 2005

Hello Dave,

This is the thread with my comments about Debian/Ubuntu in the Bastille 
mailllist and the answer by Javier Fernandez-Sanguino , the maintainer of 
Bastille in Debian:


I'm also interested in porting Bastille to Ubuntu, we'll have to see how to 
coordinate with Javier (he contributes in a lot of stuff related to Debian 
security), since it seems what needs to be done is to finish/polish the 
Debian version and add some features (like reporting) rather than porting 
from scratch to Debian. As I was saying in the other list, if there are no 
critical differences in packages regarding Bastille between Debian and 
Ubuntu then the Debian version should work for Ubuntu (right?).

>From the point of view of personal preference, I think is better for the 
application of security policies to have Mandriva's msec; it's easier for 
users to just type "msec 4" and for the sysadmins to have known states of 
security policies in different machines (like "critical server is level 5, 
workstations are 3) instead of multiple different config files (the simpler 
the better). Of course it's not an apples-to-apples comparison since the 
hardening of Bastille and msec are different, with some overlapping.


>From: Dave Kempe <dave at solutionsfirst.com.au>
>To: "fernando ." <soporte_altex at hotmail.com>
>CC: ubuntu-hardened at lists.ubuntu.com
>Subject: Re: [ubuntu-hardened] msec, Bastille port?
>Date: Fri, 21 Oct 2005 11:17:34 +1000
>fernando . wrote:
>>Is there any initiative or interest to port a script-based hardening tool 
>>like Mandriva's msec ( 
>>http://mandrake.vmlinuz.ca/bin/view/Main/MandrivaSecurity ) to Ubuntu?
>I am interested in getting Bastille style hardening happening. It adds a 
>layer to security that is useful for many organisations.
>I would be happy to hack away on a Bastille port if there is interest.

More information about the ubuntu-hardened mailing list