Hi,

I'm using Mandrake 8.1 (just installed yesterday), and I'm having trouble setting up Bastille. I went into the control center/settings/software, and installed the Bastille software. When I boot up Linux, I see that it loads the Bastille firewall. However, I would have assumed that I'd have to go into some kind of Bastille configuration for setup. I cannot find Bastill anywhere on my desktop or "start applications" on my KDE desktop. I have no idea where I would find the settings etc for this program. can anyone help?

sluggo

SU to root, then go into the /etc/Bastille directory and look at the file bastille-firewall.cfg. Note that the directory name has an initial cap but all the other names are lower-case.

The comments in the file give you pretty good directions on editing it. There's another file in that same directory, config, that has the questions asked by the setup program if you use it, but I found it much easier to just edit the cfg file using vi...

After using Bastille for a month or so, though, I decided to switch to using straight "iptables" so that I had better control of what was happening. I started out by doing "/sbin/iptables-save >newtable" while in my own home directory (as root, of course). This made a copy of the rules that Bastille had installed at boot time. I then edited those rules to make them do what I wanted, and copied the edited version to /etc/sysconfig/iptables to become the rules installed by /sbin/iptables at boot time. With that done, I opened the Mandrake Control Center's "system" area, selected "services," and un-checked Bastille from the "on boot" column, then checked "iptables" to take its place. Next step was to click the "start" button for iptables, to replace Bastille's set with my own. Final step was to apply the changes and leave MCC.

Hope this helps... I don't remember exactly where that setup file that gives you a GUI interface to Bastille is located, unfortunately!

Thanks for your help. I'm not sure if I'll ever get past Bastille for security control, I have no idea what rules I would set up! I'm more used to something like Window's ZoneAlarm.

I really have no idea yet on where programs go, once they're installed etc..., which is why I asked about the gui. I have a lot of reading to do, but unfortunately the Mandrake manuals give very little info on the details beneath the surface of their gui and linux.

thanks again,
Doug

You can do the editing of the bastille-firewall.cfg file from the KDE GUI too, and it's easier than using vi at least at first. Log in as "root" and proceed on through the warning you'll get for doing so, then click the "Home" icon. The hardest habit I had to break, coming from 12 years of working with Windows, was that of double-clicking! If you do that you'll get two instances of the file browser...

In the left side of the browser window you'll see a line for "Root Directory" and you click the + box to expand it. In the expanded tree you'll see "etc" and again click the + to expand that. In that tree you'll see "Bastille" and this time click the name to bring up its content in the main window. You should see four file icons, one of which is the cfg file. Right-click the cfg file's icon and it should give you among other choices a list of editors you can use to edit the file. Take your pick, and it'll bring up the editor, which will work very much like NotePad did in Windows.

Don't worry too much about doing something wrong when editing. Most of the entries are pretty well explained in the comments right above the actual entry itself. You can always come back and change things later if you don't like the initial results. Bastille itself will write the actual rules, using the information you give it in this file. Thus it's not all that different from setting up ZoneAlarm!

After you make your changes and save them, you need to launch the Mandrake Control Center, select "system" and from it, "services," and then click the "start" button for Bastille on the screen that results. Don't worry that it's shown as "stopped." The Bastille script runs when you click start, or at boot, and plugs the rules into the kernel, then gets out of the way since its job is done. Don't click the "stop" button for Bastille, though, unless you really do want to open your system up to the world, because that will erase all the rules and leave you wide open!

PS: For your reading I can recommend Marcel Gagne's new book on Linux System Administration. I found it extremely helpful in getting my feet on the ground in a hurry, expecially when it comes to setting up good system security. I found my copy at Barnes and Noble but most bookstores probably have it in stock.

Use file manager, click the up arrow, go to usr/sbin you will see an icon InteractiveBastille.
turn on the terminal emulator and type (without "marks")
"chmod a+x InteractiveBastille" press enter
then type (without "marks")
"./InteractiveBastille" press enter
GUI will pop up and walk you through everything

I'll have to check out these editing options, thanks. I did a port scan, using:

https://grc.com/x/ne.dll?bh0bkyd2

It showed that port 80 (http) was open. I assume that I should change my settings so this shows up as stealth?

sluggo