I don't know. I thought I saw somebody passed out from heat exhaustion or something. Okay, so I want to start this actually just, you know, by manner of greets, I guess. I want to congratulate Rain Forest Puppy, who's now engaged to Zobe Kitten. And I think that's really cool. Yeah. Okay. Right, so I want to talk about Bastille Linux. I'm having a serious VMware problem. So the attack and defense demo that I wanted to do is not going to work. Anybody who's really upset and wants to leave, you're quite welcome to do so. I'll turn around so I don't see who leaves. Okay, whatever. So anyway, I was able to craft a talk pretty darn quickly, and we'll go with this. And then what I want to do is try to encourage Q&A. Like, you know, it's not because I don't have material, but because I did Q&A last year here. And we were, Bastille Linux was at a different stage last year. And so like Q&A would be really fun this year, because like we got a room really going. A few people are arguing back and forth about what should be done and what shouldn't be done. And that's kind of cool. So for now, what I want to do is talk about where Bastille has been, you know, how it's, what we do, what the design is, where we are now. It's kind of fresh and new, or actually rather fresh and new, and where we're going. Because I'm kind of excited about it. So, okay, what's Bastille? Lots of, you know, they're, I don't know, how many people have used Bastille or have heard of Bastille? Okay, cool. So the rest of you, this is what it does. Bastille is a hardening script for Linux and Unix. Okay, to put it really simply, we make it a lot harder for people to root your box. Or actually for people to just get any kind of unauthorized access on your machine. It's not magic. This is not a kernel hack. This is not a new operating system.
All we're doing is basically running a script, or we're running through a program that can help you set much better, much better configurations than the defaults your vendor ships. And we'll take some time during this talk to blast vendors, even though I work for one. But, you know, yeah, we're trying to make it a whole lot harder for someone to nail your box. Because if I stuck a Red Hat 6.0 box out right now and told you guys it was on the wireless net, a bunch of you could like, you know, you could all, we could all go ad hoc and you could take it down. Each of you could root it and root it again and root it again and just like, oh damn, that sucks. On the other hand, if we stuck up a system that like somebody had taken some real time to harden, y'all wouldn't be getting too far. I mean, maybe one or two of you, I don't know if RFP is still here. Maybe he'd have some fun if we stuck a web server up, you know. But yeah, it's been pretty effective. And without any kind of hardening, without any kind of good configuration, most of us are pretty screwed. Okay, so we run on Red Hat 7.0, excuse me, and 7.1, Mandrake 8. We're going to run on a bunch of others. HP-UX is the next target. We're going to have that, I'm not sure when, we're going to have it soon though. And Solaris I think is coming after that. I don't know, there are good solutions for Solaris, but I'm not sure that any of them get quite the right approach for everybody, especially for newbies. So, you know, we're going to get in there. Okay, so what does Bastille do? I gave you the overview, here's some of the more general stuff. We set up a firewall for you. No, this is not the amazing, amazing firewall, but actually it's pretty darn robust. So our firewall is basically, it's set up for iptables or ipchains. If you start up with us with ipchains, you can use your policy and it'll move it over to iptables just fine when you upgrade. That's not good.
Okay, so we'll set up, we'll set up a, we set up a firewall for you. Firewall for either a single box or like a bunch of networks, and you get to, you can classify what kinds of networks each one is, and it'll do masquerading for you and all kinds of cool shit like that. I like the firewalling option. Even if you don't have a whole network beyond this machine, I love to put a personal firewall on each box. It's a nice step. It means that a lot of the stuff you do, a lot of the, if you've tried to block people off from given servers, block them off with the server's configuration and also with the firewall too. It's kind of cool. We also do a setuid audit. I don't know, you all know what a setuid is? Who doesn't? Oh, cool. Okay, so we do a setuid audit. This is basically, we're just trying to find stuff that's got privilege and either like take the privilege away or make it less accessible to users or to programs or whatever. We're trying to stop people from, we're trying to stop people from either getting on the box or escalating privilege when they are on the box. What else do we do? Turn off unnecessary shit, okay? If you're not using your web server, we sure as heck like to turn it off. Red Hat feels differently about this. They think that they should just leave it on because you might get around to using it later. But I don't know, for everybody who had their DNS server on, well, on a bunch of different releases, but anybody who like, you know, who never turned off the DNS server and it got installed and was left on and you never used it, but you know, it got rooted anyway. That's no fun. We try to deactivate as much as we can, and whatever we can't deactivate, we try to tighten. We try to set better configurations, better defaults, and just make it a whole lot harder to get access to the stuff that's, to the remaining stuff that's there. I guess the last thing that we do, and this is something that a lot of people have tended to like, is we educate.
And this is basically because when we were creating Bastille, we wanted to say, okay, let's just go through and harden a system and be done with it. And we realized that users would get really pissed off because we'd shut down their telnet. You know, we'd shut down their telnet daemon. Like, wait a second, I used to be able to telnet into this and now I can't. So we're like, okay, well, we'll ask them, hey, do you mind if we turn off telnet? And so we thought, yeah, let's do that. The problem is that most people don't know, you know, most average users don't know that telnet sucks, that telnet's really bad. And if they don't know that telnet's bad, they don't really know to turn it off. So then we're like, okay, fuck, we're educational now. So we started including, we started including a whole lot of stuff that says, hey, telnet's bad because it's clear text and I can rip off your password. You know, I can watch you telnetting and I can steal your password. Pardon me. We also said, hey, you know, telnet's bad because I can use something like Hunt to take over your session. Has anybody used Hunt? Who's used Hunt? One, two, three. I love DEF CON. Okay, so, you know, Hunt can be used to take over any session. Telnet or any clear text session, like you can use it for POP and stuff. It's kind of cool. Yeah, we found that education was really, really effective because users, even a lot of sysadmins, tend to shoot themselves in the foot at every opportunity. Okay, so some people outside of DEF CON conferences claim that they don't need to harden their box. They say, listen, I installed it, it took an hour, I leave it alone, and I'll come back when it's rooted. I mean, I'll come back when it needs to be maintained. Okay, well, you need it because vendors are not optimizing for security. It is not because they are stupid. Well, wait, I work for Mandrake, so Red Hat might be stupid, but Mandrake's not. Smart enough to hire me.
Okay, well, the thing is that distributions and OS vendors are not shipping secure by default, anywhere close to it, because it's not what the users want. The bulk of the users are looking for ease of use. They get really, really happy when an operating system is easier to use. You know, if the web server's already turned on, the user doesn't have to figure out how to turn it on. That's good. For security, that sucks. But, you know, people right now are paying for ease of use, not for security, so until that changes, we're going to need, like, third-party stuff to do the job. Okay, so the shipped defaults stink because users want ease of use, and also because, well, the programmers who make this stuff, they want lots of functions, they want lots of convenience, and that often also runs counter to security. So it's not some of the programmers of some of the stuff that turns up vulnerable. It's kind of weird because they've got a completely different mindset. The reason they got into programming was to make their system easier and more convenient and shit. It's interesting because I've talked to a number of programmers who work for OS vendors or whatever who are really ticked off that we don't just set all root passwords to null and be done with it. Sorry about that. Sure. Can you hear me now? Okay, I'll try to speak up as much as I can throughout this. Just remind me if I don't. Okay, so, yeah, users need ease of use. Programmers want convenience and functionality, and neither one of them tends to grok security in general. In general. Don't tomato me, guys. Okay, so why do you need security? Very quickly. Sometimes you're targeted by, like, really good guys, okay? RFP rooted my box once. No, he didn't. But if he had, he might have done it because he was going after some bank and he wanted to make it look like I was going after the bank because then, like, I'd get in trouble. You're also targeted by script kiddies.
You're also targeted by other hackers called script kiddies, and I've met a couple of them here and there. Nobody here, though. And you get targeted by them, and that's what most of us are dealing with. We're getting targeted by script kiddies on the exploit against whatever, rpc.statd, and they've got a scanner that goes and looks for people with that exploit, and then they go on the scan, like, oh, I don't know, the entirety of @Home. I didn't watch that happen. Yeah, so, I mean, you got, a lot of us forget. We kind of say, I don't need to worry about getting hacked because I'm not interesting, and the thing is you are interesting. You are interesting because you have an IP address. You got that 20 minutes ago, and they found you. You got picked up by a scanner, and now they come in for you. So what is Bastille doing in general, in theory? We're trying to... Damn, if those screens fall, I'm running. What's that? Yeah, I'm safest here. Okay. It works by minimizing points of entry in general. Okay, we try to shut down network daemons. For the network daemons that you want to leave up, you want to test them. A lot of these things, especially like web servers, you can say exactly what IP addresses, what interfaces they're allowed to accept connections on. It's going to be amazingly useful. Lots of people don't need a web server. They just want a web server on their one machine because they're like writing up web pages or CGI scripts, and they want to test them before they push them out to the main server. So if you're one of those people, what we'll do is we'll say, okay, we'll set your Apache to only accept connections... As far as points of entry, we also try to restrict access to user-accessible programs.
We try to do things like, my users are logging in across an ocean, so maybe they don't need to be able to mount the floppy drive, which means I can shut down mount, I can take mount and make it non-setuid, and that'd be good because then I'd avoid one of the exploits in the past year or two. We're also trying to prevent privilege escalation. What happens sometimes is somebody hacks the web server. The web server gives them user, whatever, user web. And then from there, they run some setuid program that gives them user root. So we want to do anything we can to stop somebody from turning user web into user root, because it's a good idea. You all having fun? Is this good? Cool. Make some noise! No, I'm sorry. Okay, so... Now, does it work? It does work. It does work. It's kind of cool, but it actually... I didn't know it was going to work, but it works. If you take Red Hat 6.0, and you take the vulnerabilities that existed in Red Hat 6, we really helped you dodge or at least contain the bulk of the exploits, and that was pretty cool. There was a remote root hole in BIND. We let you shut down BIND, which again would kind of help you dodge that entirely. And if you didn't want to do that, BIND used to ship default, still does in some distros, used to ship default running as root, and that kind of sucks, because somebody takes over BIND, some worm takes over BIND, you don't even get automated by a human, you get automated by some stupid program. So what we do is, we set BIND to run as user dns, and we chroot it, which means we lock it into some itty-bitty directory in BIND. If somebody gets a DNS shell, that shell is restricted to this itty-bitty directory that's got virtually nothing in it, and nothing really that BIND owns, that that user owns, except for one little itty-bitty, teensy-weeny PID file. So that's kind of cool. We helped a lot of people dodge that, and that was like the scourge of Red Hat 6. I mean, a scourge of a lot of other stuff too.
WU-FTPD had an exploit, and it's always got an exploit, just like BIND. We offered to shut it down for you. We also offered to shut down anonymous access or user access or both, and that was really useful because that exploit kind of requires that they actually be able to, the first exploit at least required that somebody be able to write stuff to your machine, and we try to shut down any kind of access we can. Again, this is where the educational aspect came in, more than the script aspect. If we could tell you that FTP sucks, because it's clear text, FTP sucks because it's really rough to firewall, FTP sucks because they're always rooting it. If we can tell you that FTP sucks, maybe you'll stop running it, and then you don't have to worry about getting nailed by this one. userhelper was a little-known PAM program, and there were a couple different exploits against it. I think DilDog wrote userrooter, and then there was another one, I don't remember what the name of the other exploit was, but it was really simple to exploit because this thing didn't check what directory it was looking in, so you could have it go back and use some other file. It was a pretty cool exploit. It was local only, but basically the user could get this root program, when doing, I think it was when doing authentication or doing, to go back and use some library that he created instead of the normal library. It was really stupid, and again, we helped you dodge it because when we did our setuid audit, that was just one of the things that like, this doesn't, we don't need this, this was useful. LPD and sendmail had a remote root. We shut these down if you asked us to, because lots of people don't print from that machine or lots of people don't need to send mail from that machine or to receive mail. There were some more. Dump and restore. Dump and restore was kind of stupid. I mean, it really ticks me off when I saw dump and restore setuid, because let's think about it.
Dump and restore are used for backups. So do I have ordinary users who are running their mail accounts running my backups? If I've got someone running my backups, it should be somebody that I've specifically told the operating system to trust. And this is one of those stupid things that just shouldn't have been setuid. And well, we took care of that. So again, you didn't get rooted by the dump exploit or the restore exploit if you did our setuid audit and like did what we told you to do, which was kind of cool. GPM was another one. They used that to get the mouse cut and paste in console. Lots of people never used console. So again, it was something we could shut down, and if you shut it down, you dodged yet another exploit. Now that one was a local exploit, and there are lots of other ways to locally root a box. So the merit of this was only so strong, but it was pretty useful. Yo, question. Do you receive mail? What do you do? Well, the issue is some of this can be granularly configured. Suppose you've got this machine, lots and lots of users are using SMTP to get mail off the box, and they're using POP and IMAP to get mail to their box. If this workstation you're sitting in front of doesn't have to receive mail and distribute it to users, then you don't need sendmail running in daemon mode. You can just shut it down, and when you run like mutt and pine and all that, they start up their own sendmail process to get mail off the box. You really only need sendmail to get mail to the box, and that's only if you're trying to run your own mail server. It turns out that the bulk of the people don't need it, and so we're able to shut down just what they don't need. It's like, okay, your mail still works, just this part doesn't work. The other issue is, when we go to harden Apache, a lot of people want to have a web server, but they're not ever going to put any CGI scripts on, so we shut down CGI functionality.
We shut down server-side includes, and that kind of, the granular parts really do help a lot, and sometimes it's just the education part helps. If we can't configure something really, really finely, we can educate you on it, and we can pray or hope or whatever, because we're not doing anything in kernel space, and if you really wanted to protect yourself from sendmail's next root hole, it mostly ends up doing something in kernel space or chrooting sendmail or something like that. Was that a good answer or did I mostly dodge the question? The asker has passed out from heat exhaustion. No, he hasn't. It's all good. Vulnerabilities we didn't stop in Red Hat 6. These are just like stuff that was well advertised. nmh mailer, couldn't do anything for you. It didn't have privilege. It only gets privilege if you run it as root. If you're not running it as root, then you don't get nailed. But if root's reading their mail with MH, or in this case if root's using man to read man pages, we didn't really spot that stuff because it's not a program that had privilege that we could strip privilege from, and it's not stuff we could make a good argument for removing from the system. Especially man. We want people to read man pages, not to stop. You possibly got nailed on these. These are pretty tough to exploit, so you probably didn't. There's not much we can do. The one point I can make about root is try to just use root for what you need to do. Please don't run Netscape as root. Oh God, please don't. I don't know. Now that she's getting married to RFP, maybe Zobe Kitten will take some time and try to show why we shouldn't use Netscape as root. Make a whole bunch of exploits that people get nailed at reading their mail. Sorry. How many minutes did you just miss? Shit. I'm sorry. I sound really loud to myself up here. I got big speakers or something. You want me to go back two slides? No. Okay, I'm going to keep going, but I'll just try to keep this next to my mouth. Okay, so Bastille.
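The setuid audit the talk keeps coming back to (mount/umount, dump/restore, userhelper, and later ping) boils down to: find what carries the setuid bit, decide which of it has no business being privileged on this box, strip the bit, and log the change so it can be reviewed or undone. The script below is an added example written for this page, not Bastille's own code; it runs against a constructed throwaway directory tree (names like `make_demo_tree` and `AUDIT_NAMES` are this example's own) rather than the real `/bin`, so it can be tried without touching a live system.

```shell
#!/bin/sh
# Added example, not Bastille's own code: a small setuid audit in the spirit of
# the one the talk describes. It lists files carrying the setuid bit, flags the
# ones the talk names as rarely needing privilege on a server or a remote-login
# workstation, and can strip the bit while logging each change the way a
# reviewable, reversible hardening step should.

# Binaries the talk singles out: mount/umount (floppy and CD-ROM), dump/restore
# (backups belong to a trusted account, not every user), userhelper (the PAM
# helper with the local root hole), and ping (also taken off setuid).
AUDIT_NAMES="mount umount dump restore userhelper ping"

# list_setuid ROOT: every regular file under ROOT with the setuid bit set.
# On a real system you would point this at / and add -user root.
list_setuid() {
    find "$1" -type f -perm -4000 2>/dev/null | sort
}

# audit_setuid ROOT: print "name path" for each setuid file whose basename is
# on the audit list. Anything not on the list (passwd, for instance) is left
# alone: privilege is stripped only where a case has been made for it.
audit_setuid() {
    list_setuid "$1" | while IFS= read -r path; do
        base=${path##*/}
        for name in $AUDIT_NAMES; do
            if [ "$base" = "$name" ]; then
                printf '%s %s\n' "$base" "$path"
            fi
        done
    done
}

# strip_setuid ROOT: remove the setuid bit from every flagged file and print one
# log line per change in a form that can be replayed or reversed (chmod u+s).
strip_setuid() {
    audit_setuid "$1" | while read -r name path; do
        if chmod u-s "$path"; then
            printf 'chmod u-s %s\n' "$path"
        fi
    done
}

# make_demo_tree: constructed, throwaway tree that mimics /bin and /sbin with a
# few setuid files (empty files; only the mode bits matter for the audit).
# Prints the tree's path so the caller can audit it and remove it afterwards.
make_demo_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/bin" "$root/sbin"
    for f in bin/mount bin/umount bin/ls bin/passwd sbin/dump sbin/restore; do
        : > "$root/$f"
    done
    # setuid on four audit-list binaries plus passwd, which must keep its bit
    chmod u+s "$root/bin/mount" "$root/bin/umount" "$root/bin/passwd" \
              "$root/sbin/dump" "$root/sbin/restore"
    printf '%s\n' "$root"
}

# Stand-alone run: audit the demo tree, strip, audit again, then clean up.
if [ "${1:-}" = "--demo" ]; then
    tree=$(make_demo_tree)
    echo "== setuid files on the audit list =="
    audit_setuid "$tree"
    echo "== stripping =="
    strip_setuid "$tree"
    echo "== flagged files remaining (should be none) =="
    audit_setuid "$tree"
    rm -rf "$tree"
fi
```

Run it with `--demo` to see the before, the logged changes, and the after; pointing `list_setuid` at a real root only reports, since `strip_setuid` is the one step that modifies anything.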
People are using it. SGI has been shipping it out on a bunch of their appliances, which has been pretty cool. They're Linux appliances, not their IRIX ones. I don't think they have any IRIX appliances. MandrakeSoft, kind enough to hire me. Go MandrakeSoft. It's shipping in their distro, which is really cool. It doesn't run other than at install time, because Bastille takes a while to run and asks a lot of questions, and they figure users will get annoyed by that, and that's cool, but it's in there, so if you've got a Mandrake 8 or later you just type InteractiveBastille and boom, you're running it. You don't have to download it. You don't have to put up with my RPM distribution method or anything like that right now. HP has also devoted three programmers and I think a manager as well to like, well, the manager I think is supposed to hold the programmers. No, I'm not going to say that. I'm just kidding, especially if the HP guy's in the room now. HP's devoted some programmers to help out with porting it, so that really rocks. I'm really happy with that because we're going to work on HP-UX, and we weren't going to do that for a while, and they're helping out. I'm happy with that. We think we've got a lot of users. We really don't know how many. The problem with finding out how many is we've got one central site and everybody pulls the files down and distributes them elsewhere, so it's going out through Packet Storm and it's going out because kitties need secure systems too and it's going out through a bunch of different security sites, so we're not sure how many people we've got. We know the main site, and I think we saw like 50,000 to the main site at least. We're at 100,000, but the tough thing is we don't know how many people got each version, so it's kind of crazy. A lot of people are using this, which is really good. Hopefully a lot more people will be using it when it runs on HP-UX and Solaris and Debian and Slack, and we'll see what comes next after that.
Some guy actually made it work on SuSE, but he hasn't given me any of his materials yet, but we can razz him later. Read the article. Bastille will work on SuSE, read the Linux Journal article on it and it'll help. I don't know. Red Hat. Anybody from Red Hat here? Okay, yeah. Anybody got a t-shirt? Sorry. Hopefully Red Hat will start using Bastille or their own hardening script or whatever the hell, and we'll get better defaults out of Red Hat. Do we work on WireX? We work on WireX. WireX's Immunix distribution is very close to Red Hat, so it, like, Greg sent us like a three-line patch that made it work on WireX, on WireX's Immunix. So yeah, we work there. I dig Immunix. As somebody who works for a vendor, I probably shouldn't say anything more like I really dig Immunix, but it's pretty cool. They do kernel stuff, we do configuration stuff. History. Bastille started out, like, originally they were going to make a distribution from scratch, hence the Bastille Linux name, like Red Hat Linux, Mandrake Linux. So they were going to make a distribution from scratch, but that was a whole lot of work. I mean a whole lot of work, and they just couldn't keep up, and it was pretty discouraging and it stunk. So they said let's just make a script that turns Red Hat 6 into a decent operating, I mean into a more secure operating system. I'm having fun here. I don't get to say this stuff at any other conference. So basically they said okay, we'll write a hardening script. Anybody got a hardening script? And I kind of came on and said I can write one. So they let me, which is cool. So now we've been adding stuff, we're going to add some really cool stuff. I'll talk about that later. But it was a really simple, really very, very simple, not so intelligent hardening script, but it was fresh. Red Hat 6 installed and it's something a whole lot better. Fresh, I just installed Red Hat. 1.1.
Jay sat down for like a few weeks and coded up a new API and did a whole bunch of work and at that point it started working on non-virgin systems. So you install Red Hat 6 you sit alone for six months hopefully you left it unplugged so it doesn't get rooted and then you run Bastille on it and you get something a whole lot better. We also added a bunch of stuff like it's a whole lot easier for people to extend it like you all can write modules and I've got some slides that are going to be on my site in the next week that will tell you how to write your own modules if you want to and then you can send them to me and we'll include them in Bastille. It's very extensible, we put a cool configurator on it it's got a whole lot smarter it's got all kinds of cool features like an undo and it keeps track of everything it's doing and it'll tell you what it's doing it's released, uh oh this is a past slide 1.2 we just released a few weeks ago and it's pretty cool because it's smarter it will look at the state of your system a little bit and not do stuff that it's really obvious it doesn't not ask you questions it's really obvious don't apply to you and that's going to get even smarter and we got an X configurator that I'll show you when we're done with the slides okay we're growing too we're going to add more modules we're going to add more content we got a bunch of people who want to help with that at some point we'll get decent documentation but right now the script is its own documentation it does pretty well that way we're going to run on more platforms I told you we're going after HPUX with a quick pace and then Solaris is next anybody here from Sun we're coming for you you bastards yeah what about FreeBSD FreeBSD's actually got some interesting work going on as far as security so I've kind of thought of them as not quite the best next target because FreeBSD in my mind is a whole lot better off for a lot of reasons you're a lot better off running Solaris than running 
FreeBSD than Solaris and I want to kind of make Solaris a whole lot better so I'm going up to Solaris right now but once the Solaris and HPUX is done it's going to be a whole lot easier to look at FreeBSD in the meantime I'm not sure if somebody's got solutions there's been some people trying to work on that for like two years I'm not sure where they're going I didn't really want to step in their space before taking some real time to see what shapes up yeah IRIX IRIX we are we had a university offer to help us to donate a grad student to port to IRIX and they kind of backed off I think they lost their grad student or something but we've thought about IRIX somebody stepped up the plate to help out with IRIX I would definitely look at porting to there yeah another question over there who's I'm sorry this yeah I know Center for Internet Security has a Solaris Hardening script as well as a checker yeah I do the the hardening script is really kind of like beta maybe it's alpha as far as Center for Internet Security what it's doing is like it's doing a they're kind of checking a subset of what Bestial does and when I think a really good hardening script should do they're trying to look for minimum standards so they've also got a very very basic script that how Pomerance wrote and it will try to bring you up to compliance with their standards I think that Bestial does a whole lot better job and honestly I'm involved with the Center for Internet Security I wrote the tester so I think there's some there's some possibility we're going to end up using Bestial that we're going to see if we can distribute Bestial or make Bestial do the Center stuff I'm not sure I have no idea where that's going so that that quote is vaporware but yeah so Center for Internet Security has got stuff a bunch of people have stuff for Sun okay there's Titan for Sun there's Yasp for Sun okay each of them has some really strong points and some really weak points I think that they can use some 
competition I think honestly that I'm not really going to try to push you all to go to Bestial for Solaris I mean use one of the things that have been around for a while there are established standards feel free to use them however if you have a heterogeneous shop where you're running Bestial and you're running HP and you're running Solaris I'm sorry if you're running Linux and you're running HP and you're running Solaris maybe writing one policy config file and pushing it out to all three might be kind of cool you know without having to figure out for each system so there's some use in Bestial being on Sun and there's some reasons to use something else and I'd be happy to explore that in Q&A later on can somebody tell me what time it is my clock has stopped 12.40 what's that okay so I wanted to I can either run through each all the features of Bestial what we do or I can show you one of the screens and take Q&A who wants all those slides that tell you about what Bestial does Q&A and it's a flight demo okay there are a lot more people in this room Jake get off the stage Jake okay cool I'm happy with that what are the rest of you want man air conditioning yeah yeah I'm with you there okay I'm taking that vote again damn it who wants to see what Bestial does bunch of slides okay we'll go through and say this is something Bestial does here's why it doesn't okay who wants to see a demo and do Q&A okay we're doing a demo and Q&A thank you guys damn this conference rocks I was running PowerPoint for those of you that saw Bestial before that's got a little prettier I'm gonna see if I can see my own screen because my laptop's not doing it okay so yeah that's the interface and what you see on the left side of the screen what you see on that side of the screen is a list of modules each of those has a certain number of questions and actions so like the Apache module obviously hardens your FTP server no the Apache module does the web server you all are falling asleep on me I 
know it okay so what you see is we've got a on the right side you've got a question and explanation the question is the thing I wanted to ask you in the first place the explanations all that stuff I figured I had to tell you so that you could make an informed choice some people have thought the explanations are really one of the better parts of Bestial they're like you know I don't want to use a script to do all this stuff I want to do it by hand but I sure as heck like to you know like to learn something about having to read an entire book or whatever so the explanations are really darn useful the nice thing about Bestial is that as you go through it's not making changes until you end and so you know you can read all the explanations then quit out you know okay so let me pick a good example question what's that what are the defaults the question is are the defaults all hardening steps in other words if you just click enter enter enter enter whatever or you know next next next what happens what happens is that you get the defaults that I figure will keep Jay from getting yelled at all the time okay so the defaults are not the most secure they're not like do everything because if we do everything we are going to piss I don't know 40% 50% of the people off maybe everybody okay so the idea is that we want to we tried to set defaults we didn't want to set defaults we wanted to make you actually read each question inside what was best for your system because then you get the best security but living in a living in an imperfect world we said okay um yeah we'll make the defaults that if you go through all the defaults you probably won't bitch at Jay because I get a whole lot of email about Bestial and like answering the same question over and over about why Talnet's gone kind of sucks um so no the defaults are not all make the box unusable it's whatever I thought would not piss people off so here's an example question um it's not massively readable from the back I'm sure 
um it says uh question would you like to disable setuid status for mount and you mount okay so who doesn't know what setuid is oh come on somebody in this room okay setuid what it does is lets an ordinary user get full super user privileges they get the privileges of root just to run this one command it's really an example here is that mounting and unmounting drives everybody kind of figured that you'd only want like root to mount and unmount drives um and so if you want to use mount and you mount like if you want to mount a floppy drive or cd round drive you might not be root you might just be like some user on the system like I'm letting you play quake or whatever on my system and so you want to mount the quake cd rom um so the idea is that if and what this question says is mount and you mount are used for mounting slash activating and unmounting deactivating drives that are not automatically mounted at boot time this can include floppy and cd rum drives disabling setuid would still allow anyone with the root password to mount and unmount drives okay so which is saying is kind of like yo if this is a server that like no one's ever walking up to and sticking floppies in or at least no one that you want to stick floppies in then um then maybe you should turn off setuid and if you did this you dodged an exploit because there was an exploited mount that gave somebody who had the access to the box I mean who had local access on the system not physical but local access on the system they got root out of whatever user they had so um everyone all the sudden starts to run home and find their exploit for mount um but yeah you can find the exploit I think it's on packet storm um but so uh so we can you know we we offer to shut this off you can kinda choose yes yeah question good question damn it um so the question was when you run this does it check what the state of the system is and then let you change it or does it just look at the defaults a little bit both um what we 
do is, we're not investigating the system to learn what the settings are right now. What we're doing is, in essence, letting you create a policy file. So we say we've got our default policy, but if you load up a previous policy you can edit that. So if you had a policy on your system, it brings up the current policy, which means if you ran Bastille once and changed your mind about something, okay, you run Bastille, you go back and you change something, it does the right thing and it knows that you had the previous setting. But right now we're not investigating systems. The reason that we're not going and investigating your system is that Linuxconf, Webmin and a bunch of other things try to do this configuration management magic, and I think they suck, and a lot of people think they suck, and the more you learn about them the more you think they suck. So I don't want people to say Bastille sucks, except when they're just having fun with Linuxconf. I mean, I don't want people to say "yeah, Bastille doesn't always work" the way we say Linuxconf doesn't always work. So I'm not going there right now. So right now the idea is we help you set a policy. You create a policy file, and you can push that across a system, or even a thousand systems; you can take that policy file and use it on a bunch of other systems that are similar enough. I'd be prepared to evacuate you guys, okay.

So you go through, you answer questions. Do you guys want to see more of the questions, or do you just want to... Question? Yep. So the question was, can we configure stuff on a per-interface basis? Can we say that Apache should only respond on eth0 but not eth1, or the other way around, or set Apache to only run on the local interface? Yes, we can do that for Apache, and then we've got a firewall, an individual machine firewall, that will let you set which interfaces the machine will take Apache-related traffic on, if you can define what that is. Question: is the
firewall... did we write new Linux kernel firewalling from scratch? No. If you've got Linux 2.2 or 2.4 with the associated ipchains binary or iptables binary, it will run through a, whatever, 300- or 400-line firewall script and just run ipchains, ipchains, ipchains commands, or iptables, or whatever. Yes, it overwrites what you have. The question was, does it overwrite your existing firewall? Yes, again. It's really, really hard for a program to be smart enough to parse your current firewall and then make additions to it that make sense, unless it understands the firewall. So we're making our own, which gets you better security in general.

Another question: does it tell you what change has been made, or does it just make the changes? Well, the first answer to that is, as you're reading through you kind of find out what you're doing. You know, we just took setuid off ping. But we also have a log file that tells you everything that it did. If you're a Perl programmer it makes more sense, or if you're at least a sysadmin it makes more sense; newbies can maybe figure it out. So yeah, we're working on that.

MC? Wow, that's a lot easier. One of the reasons that I was able to get Bastille to run on SuSE without very much effort at all was because of the rather high level of quality logging that Bastille does. And so all that I had to do was go through that log after running the policy script and see what failed and why, and in most cases it was just a matter of some config file not being where it would be in, say, Red Hat or in Mandrake. A lot of the differences between SuSE and those OSes kind of boil down to locations. And then going through and tweaking the script itself... I'm by no means a Perl guru, but there's enough English in the Bastille Linux scripts to customize them pretty easily, and I think that's one of the big strengths. So you owe me a beer. I forgot about my
beer. Okay, so yeah, that was the answer. There was another question. Yeah, there's an "explain less" button; he wants an "explain even more" button. Yeah, what we did was, we wrote good explanations and we said, oh God, maybe some people want to get through this thing more quickly, so we made an "explain less." So on a per-question basis you can define basically how detailed the explanations are, and that's a really useful thing. And "explain even more"... okay, so yeah, plug time. "Explain even more" means read my articles on SecurityPortal, or go buy my book when it's done, or something. The other version of "explain more" is: the best thing you can do for security, one of the best freaking things you can do for security, is to understand your system better. You can't really hack a system, or you can't hack a system with your own script, unless you really understand how it works. So the better you can understand your system, the better you'll get at security.

There was a... yeah, I'm sorry. There's a very good suggestion: we should include a relative threat level. Say, this is something you can do, and if you don't do it you're a fucking goner, man, or this is kind of just something that would be a good idea. With hardening you're really just trying to get into a better state, but yeah, we can probably do that. The tough thing is, what's the relative threat level of setuid mount until the mount exploit comes out? I don't know. Oh yeah, if an exploit exists already, yeah, we can definitely do that. We've thought about actually doing host-based vulnerability assessment, like just saying, hey, as long as we're poking around your system, let us tell you what's wrong with it. And that might be something we do. Yeah? Expanding on the "explain more," maybe another thought would be to mention particular man pages that would be helpful for newbies as to which... okay, what he said
was, expanding on the "explain more," maybe we should start referencing man pages that these newbies should read. Good idea. Yeah, question: do we have a backup capability? Yeah, I'm right with you. We have a backup capability. Whenever you first run Bastille, among other things, we make a backup of every single file we modify. They're in a directory called something like /var/log/Bastille/undo/backup, and in there what you'll see is, like, your /etc/passwd file is in a directory called etc in there. So you can actually use tar to go and undo the backup, or just run our fancy-schmancy undo program. So yeah, we'll take you right back to where you were. It's not a really refined "go back," but it's like a big red button: I just ran Bastille and everything's all fucked up, so I hit a big red button and it all comes back. People use this thing a lot when they misconfigure their firewall.

Yeah, another question: what are my feelings on sudo? Okay. sudo is used in place of... there are a couple of things you can do with setuid programs. You can take a setuid program and set it so it's not world-executable, it's only executable by a group, and then put a bunch of people in that group. So you might have a group called "pingers," you know, people who are allowed to use ping as root. I like sudo. sudo is cool. sudo lets you do the same kind of thing, except it's got a lot more flexibility and a lot more built-in security. It's nice. sudo is a nice option. I think everyone should go and read about sudo. Go check it out; it's really useful. If you are a system administrator in this room and you've got people helping you, you've got, like, kids or whatever, staff or something, you need sudo. Okay, it lets you delegate certain tasks to somebody without giving them a root password. So instead of my sysadmin, like, a few years back, like,
giving me the root password on all the systems, hehehe, he could have just given me sudo permission to do the stuff I needed to do, like swap the tapes or something. So sudo is really cool. I like sudo.

Keeping all the backup files on the system: what about the security implications of keeping all those backup files, those undo files, on the system? Does it open up another exploit? You're too paranoid, boy. Not really, because to read that stuff you've got to be root, like we said; the permissions... And if you're root already, if you can read those files, if you can read the backup, the old files, you can basically read the current ones. So you haven't won anything. So no, it shouldn't be a problem.

Yeah, question back there. Ooh, I like this question. So, both from the user community and from developers who want to get involved, what can you do to help? Okay, so if you're a programmer and you've got some part of the system that we're not currently hardening and you'd like to write a script, we could use some good Samba... a good Samba configurator for better security. The best thing you can do is go and read the slides I'm going to put up on my website from a talk I gave last week in Bordeaux called "Hacking Bastille Modules," and that'll help you create your own modules. So get in and send me an email and say, "I want to do this," and we'll start talking, and you can make your own module. If you're a user, there are lots of areas you can help. One of them is testing; we could really use some good testing. It's surprising how hard it is to hold on to testers, but people get kind of bored. So yeah, we could use testers. People who have VMware are amazingly useful. We can use people who can write or clean up our documentation. We can use people who can run Bastille on a system and then see what... and, you know, we can use hackers. We can use people
who can run Bastille on a system and see what they can still do to it. So send us an email and say, "Haha, I rooted the Bastille box." Like, I'd find that very useful; I'd like some research. So whatever you can think of that you think you could donate to this project, in terms of time, energy and thoughts, yeah, you probably can.

Future speaker, how many minutes do I have left? Oh, how many minutes do I have left? What time is it? 12:56. I've got four minutes. When's my book coming out? Books take a long time to write and then a long time to publish. Maybe a year, maybe six months, but it depends on how quickly I write. Yeah, with the 2.4 kernel, in place of ipchains we're having iptables. What does that buy us? Much better firewalling, damn it. Among other things, FTP is a bitch to firewall when you've got a stateless packet filter, and it's a whole lot easier to firewall when you've got a stateful packet filter. 2.4's packet filter is stateful; it's just a whole lot smarter. Okay, it's just really good, and if there are no other questions I'll go on and on about it. But stateful packet filtering rocks, and we take advantage of it, and we'll take advantage of more of the cool features like MAC address filtering or whatever. So yeah, we'll get there. It's cool.

Yeah, I'm sorry? Just for differences. So the question was, maybe we should do some file integrity checking, like we can look at today's configuration file and six months from now's configuration file and see what's changed. Yeah, that could be a cool idea. We can install Tripwire on the box, you know, Tripwire or AIDE on the box, and that would be a really useful feature. Tripwire is really good at detecting a lot of hacks, because it keeps track of a lot of important files. Yeah, maybe we should implement something like that. That'd be a good idea. Email me. Another, another
question: so what do I think... how do I think Bastille should be deployed? We talked about personal firewalls, and what does that do to administering the network itself? Well, my thought is, I don't trust nobody. Okay, I don't trust my sysadmin. Okay, I think my sysadmin is probably a really lazy guy; actually, he's me. But in most examples I don't trust my sysadmin or my network admin to get it right, to do the right things for me. So if I have the ability, I'll do anything I can to make it harder to nail my system. That is to say, personal firewalls are really useful, because whenever you've got a hole in the firewall, you've got a second firewall behind it, even if it's on the target box; that's a pretty useful thing. So I think, as far as deployment, as a sysadmin you can roll it out across all your systems, or you can have individual users or box owners deploying it on their box. Whatever, it's all good. It's very, very useful everywhere. I don't know. Another question? What time is it? Four. Whole... last question. What's that, a kernel module question? It'd be really cool to figure out exactly what you want in your kernel and build it and not have the capability to load modules. That would be really useful, because then we don't have to worry about module rootkits so much. But otherwise, that's all I've got to say. Okay, I am done.