Author: Jack L. Frost Date: To: Gravis CC: dng@lists.dyne.org Subject: Re: [Dng] Please!! revive Bastille hardening tool for Devuan
On Wed, Feb 11, 2015 at 08:55:07AM -0500, Gravis wrote: > wow. congrats on being highly offensive on your very first post.
>
> anyway, i looked at Bastille and it's a highly tweaked script and
> headed toward being a decade out of date. frankly i'm not surprised
> it was dropped. Linux security needs an overhaul but your bastille
> script is off mark.
>
> --Gravis
While “it's old” is not really an argument, I tend to agree that Bastille is
not something anyone should waste their time on, and that's for the simple
reason of it being a script that tries to magically make your system more
secure, which is:
1) Impossible to solve in a general sense.
2) Creating a false sense of security.
3) Hell to maintain if you actually try to accomplish the assumed goal.
Security is a delicate thing, you should never rely on magical solutions.
Instead, learn linux, learn security, implement the needed levels of security
yourself.
That, or pay an infosec specialist. Don't run magic scripts.