“This article shows how to secure a CentOS server using psad, Bastille, and some other tweaks. psad is a tool that helps detect port scans and other suspicious traffic, and the Bastille hardening program locks down an operating system, proactively configuring the system for increased security and decreasing its susceptibility to compromise.”
I prefer to use iptables directly or shorewall.The bastille firewall isn’t exactly what you call feature rich.
I prefer to use iptables directly or shorewall.The bastille firewall isn’t exactly what you call feature rich.
Bastille comes in two parts.
1. Locking of your system (all the first steps in the install script are ment to do just that) which is very, very usefull
2. Simple firewall script which is not so usefull, to few options, too childish
You simply use it for 1. only and use firewall as you did so far. Don’t worry it is a common missconception about Bastille.
Install Bastille, disable fw script, start your firewall
And while Bastille is usefull, PSAD isn’t. It has completely screwed logic and I found it as one of the most unreliable pieces of software.
Edited 2006-08-23 15:32
Sometimes these C&P-howtos are fine, but in situations where for example ports are blocked without explanation why, this is pointless.
Wasn’t CentOS some kind of hackers club with nothing better to do than harassing the mayor of some Oklahoma town?
( http://www.osnews.com/story.php?news_id=14113 )
And now you want to secure it? No way. I’m calling the FBI!