First, I am not going to discuss the merits of a script that
helps one easily through the 100+ steps it takes to lock down
a *nix system. The benefit is self evident and every single
person who has claimed otherwise is either a fool or acting
in malice to protect their vested interests in getting paid
to manually do what this script has done for over a decade.
So now that we have that out of the way, and I hope the people
that dominate this mailing list will not shout me down (the
IRC has much more... "correctly" minded people), I would
like to request that Bastille Linux again be packaged for
Debia... Devuan (obviously the previous distro no longer cares
about *nix or security, since they have adopted the 12 lane highway
to root for no particular reason that any honest man would
understand).
Previously, on testing (and early stable IIRC) versions of
Debian 7 and every previous version of Debian 7 (the last
true debian (though some say 6)) Bastille Linux hardening script
worked fine, without modification. Sometime within the Debian 7
release it seems TCL was updated, and as is now tradition,
a decades long stable item (TCL in this case), of course, had to
seemingly depreciate and remove some needed routine that Bastille
was using. Someone had to "make their mark" to put on a CV for
future employment at 1.5 or 2x minimum wage, of course by destroying
something that worked fine forever (TCL in this case, GTK in other
cases,
the entire linux system in a third case). Embrace, Extend, Fk Up,
get a job. The problem now is that Bastille cannot save its
config file for execution once you've set it up.
Solutions that have been discussed: package the version of TCL that
was in testing-Debian7, or update the script to do whatever the
new TCL-fucker demands of us (this is why software has to be
"maintained", because pieces of trash have to, after the original
builders of the machine, claim it as their own, NOT by forking it,
but by depreciating all the "old" ways in the Mainline project,
and forcing every fsckn person on earth that uses it to change
every one of their fsckn programs to obey the new fscking
FGGT that had to corrupt the underlying system (also see: systemd)).
Please, can we have Bastille Linux in Devuan.
It is very important for securing a linux system. There is no debate
about this.
http://bastille-linux.sourceforge.net/
You will also see it mentioned here in the Docs of an older, better,
version of Debian that still had honest intentions:
https://www.debian.org/doc/manuals/securing-debian-howto/ch-automatic-harden.en.html
(Securing Debian Manual
Chapter 6 - Automatic hardening of Debian systems)
(6.2 Bastille Linux)
So, as you can see, it has been reccomended and used for an age.
And should be again.
A .deb package that can be found for it (it's a script so
is an -all package) that is online seems to be here (ironically
in an unbuntu repo), this worked with early Debian 7:
http://old-releases.ubuntu.com/ubuntu/pool/universe/b/bastille/