Hardening scripts for RHEL and SLES
 

Hi all,

I'm looking for a solution similar to JASS on Solaris to harden Linux boxes after installation.

We're currently trialing RHEL AS v.3 (which I am personally NOT enjoying) and SLES 9 Beta 3.5 (which I'm loving!). I've got the base installations documented and I've got both machines configured to do network installs to new machines.

However, I'm now looking for a security solution. Ideally, I'd like to use a tool that already exists, rather than making my own. I need something that can be installed and run at the end of an installation. It should ideally do the following:

- Remove all un-needed RPMS (even minimal installations leave some of these behind)
- Remove setuid bit on all binaries that don't need it
- Set certain standards for accounts, passwords, etc
- Make certain changes to hosts.allow / hosts.deny

Does anyone know of a solution to fit this ? Or should I start coding :(

Bastille.