diff options
author | mulhern <mulhern@yoctoproject.org> | 2013-08-27 17:56:58 -0400 |
---|---|---|
committer | mulhern <mulhern@yoctoproject.org> | 2013-08-30 15:42:10 -0400 |
commit | 5ec81ec5b117de41ed56eb05df271f103213d7be (patch) | |
tree | de50297afa7da628e7ca11847d10637bcdb9b525 /README | |
parent | ec1c761ad87b1dec899e9d48403ad03398a7f9ed (diff) | |
download | meta-security-5ec81ec5b117de41ed56eb05df271f103213d7be.tar.gz |
Bastille: document the current status and usability of the Bastille install.
The README file is updated to indicate the functionality of Bastille that is
actually available.
The recipe file is updated with a pointer to the README file.
An additional patch is added so that when Bastille is run in interactive mode
it will not attempt to make any changes to the system. This is better than
attempting to make the changes and making the screen flicker . The text on the
final screen has been updated appropriately.
Signed-off-by: mulhern <mulhern@yoctoproject.org>
Diffstat (limited to 'README')
-rw-r--r-- | README | 44 |
1 files changed, 28 insertions, 16 deletions
@@ -43,22 +43,34 @@ help for each package. | |||
43 | like rcp and rlogin, and helps create "chroot jails" that help limit the | 43 | like rcp and rlogin, and helps create "chroot jails" that help limit the |
44 | vulnerability of common Internet services like Web services and DNS. | 44 | vulnerability of common Internet services like Web services and DNS. |
45 | 45 | ||
46 | usage : Bastille can be used via meta-security layer only in command line mode. | 46 | usage : The functionality of Bastille which is available is |
47 | To start Bastille simply write in a terminal : | 47 | restricted to a purely informational one. The command: |
48 | 48 | bastille -c --os Yocto | |
49 | bastille -c | 49 | will cause a series of menus containing security questions |
50 | 50 | about the system to be displayed to the user. For each | |
51 | If this is the first usage of Bastille on the system, the user will be | 51 | question, a default response, specified in the configuration |
52 | guided through a list of questions which need to be answered. In the end, | 52 | file which is installed with Bastille, will be selected. |
53 | a config file will be created and run. After these steps, you will have a | 53 | The user may select an alternate response. When the user |
54 | hardened system. | 54 | has completed the sequence of menus Bastille saves the |
55 | 55 | responses to the configuration file. | |
56 | If you only want to run the config file, without stepping through the | 56 | |
57 | list of questions, simply write in a terminal : | 57 | The command: |
58 | 58 | bastille -l lists the configuration files that Bastille | |
59 | bastille -b | 59 | is able to locate. |
60 | 60 | ||
61 | More information can be found in the package readme and manual. | 61 | The other functionality which Bastille is intended to provide |
62 | is actually unavailable. This is not due to errors in poky | ||
63 | installation or configuration of the application. The Bastille | ||
64 | distribution is no longer supported. Significant modifications | ||
65 | would be required to make it possible to make use of the | ||
66 | functionality which is currently unavailable. | ||
67 | |||
68 | |||
69 | Additional information about Bastille can be found in the package | ||
70 | README file and other documentation. | ||
71 | |||
72 | Alternatives to Bastille include buck-security and checksecurity, | ||
73 | described elsewhere in this file. | ||
62 | 74 | ||
63 | 75 | ||
64 | == redhat-security == | 76 | == redhat-security == |