I installed FC-6 and setup firestarter for a firewall. I was wondering is there a program that will harden FC-6? I had a RH7.3 OS hardened by Bastille and no one ever cracked it! I tried Bastille on FC-6 it let me install it then when I tried to configure it ..it said FC-6 was not supported ... any help here?

FC6 ships with SELinux, if thats the kind of thing you are after.

I'm no expert on this kind of thing, but one of the first things you should also do is to disable unused services from starting up.
I'm not in front of an FC6 box at the moment, but if you navigate to the System menu, you will find a service manager. There are actually quite a few things you can disable (if you don't need them), like Avahi, Bluetooth, RCP, NFS, Samba, and a couple of others.

I did that....thanks I was looking to someway to set it so you can not login as root ...you can only su

The SELinux suggestion is definitely one to give lots of consideration to if you're looking to harden the installation. Or when you said you "did that" did you mean you already have SELinux going? I think the fact Fedora comes with SELinux out-of-the-box is a great advantage to Fedora users. I remember reading somewhere that the newest Fedora version tries to make SELinux a lot more friendly than it has been in previous versions. Anyhow, another project you might wanna check-out is grsecurity, but I'm not sure if you're into the whole kernel patch/recompile thing or not. What kinda security measures do you have on the box currently? Is it just the Firestarter?

Even better yet, why not setup sudo? You can then, for example, set which user(s) can execute commands as root (via sudo) by simply adding them to the admin group. No one will be able to login as root if you have root's password field in /etc/shadow replaced with an exclamation mark. From man shadow on my Ubuntu 7.04 box:This is what my root account line looks like in my /etc/shadow:This is what my /etc/sudoers looks like:Just my

I looked through the package Mgr. I see SElinux what file is it that I need??? there's like 5 of them... is SElinux a add on like Bastille? recompileing a kernal is over my head. editing file ... I have done it but mostly I screw it up lol it's been like 4 years since I had a linux box lol so I'm rusty!! yes I shut down all the thinks I didn't need in run level 5 and installed firestarter... I been tring to upate packages there like 238 updates and it locks up ... some error sqlcashe needs updated... I have a post in the Fedors forum but no answers on that. it ther a rpm I can download and just install it the old fassion way? rpm -ivh ?

You really should read-up on SELinux before you attempt to use it. It's no cakewalk from what I understand. I can't really help you with it, as I have no experience with it at all, but of course someone else can. I would strongly recommend upgrading to the latest version of Fedora (7 at the time of this post) if possible if you do decide to go with SELinux right now.

That said, I honestly think you should start out with setting-up sudo (which is super simple) and other minor security enhancements (such as a file integrity checker, for example) before embarking on something as major as SELinux, wouldn't you agree?

Of course, if my understanding (or possible delusion) about the Fedora Project's attempt of making SELinux unbelievably simple in version 7 is correct, then perhaps you can have a working SELinux setup in no time (or possibly even out-of-the-box) simply by upgrading.

Is tripwire still the way to go for a file checker?

Yeah, pretty much. Lots of people like AIDE also.