> Has anyone else used this article, and if so is it useful? I'm sure it
> should provide some improvement over my original installation.

I've read many of Lance's articles, and I've found them all to be very useful/informative. I'm pretty sure I've read that one, but it's been a while, so I can't comment on it specifically.

> Could someone please explain exactly what it is that kernel hardeners, like
> Bastille Linux (am I right? Is it a kernel hardener?) do on the system. I've
> read into it a bit, but not in any great depth. I'll go and check out the
> bastille-linux domain you gave me.

I wouldn't call Bastille a kernel hardener per se, it's more of a system hardening utility. It doesn't really make kernel changes (at least the version that I tried for RH 6.2 didn't). Bastille is a good utility to use in my opinion because it teaches you as it secures your box. There is a good knowledge exchange there. If you use Bastille on your system, it will tell you every little thing that it does and explain to you why it should be done. That's the best way to learn what it does. :-)

A kernel hardener, in my opinion, is something more along the lines of LIDS, the OpenWall non-exec stack patch, or the GR Security patch. These actually patch your kernel in order to provide additional security features not found in the standard kernel. To get a better idea, check out grsecurity.net, www.lids.org, and www.openwall.com.

However, I would recommend learning more about basic *nix security before jumping into kernel hardeners. Bastille is a good place to start, as are Lance's articles.

Steve Bremer
