Bastille Linux

$CORRECT_PERL_PATH must be an enviromental variable for the shell. You can change it by seting it and exporting it (" CORRECT_PERL_PATH=/some/path ; export CORRECT_PERL_PATH ").

A quick way to check if a module is installed is just to include it.
[code:1]
#!/usr/bin/perl
require CAT::MODULE;[/code:1] (replace CAT::MODULE as appropriate)

If it's ok you won't see output ,else you'll get a "can't locate" error mentioning what file could not be found and the paths (@INC) where it was searched.

Hi all,

I know this is an old discussion, but I had this very same problem and didn't come across the solution at the Internet but I found it myself, so I share it:

1) find path to Tk.pm (it's the perl file that bastille needs)
2) edit /usr/sbin/bastille and add the path to Tk.pm on your system

As long as perl is already installed on your system that's enough.
Hope it's usefull to someone, it would have been to me.

Hey guys

Is, SELINUX the same as Bastile. I tried to install it on my Unbuntu 7 via apt-get but they call it checkpoint something. Has anyone tried this.

lindows

Hello,

No, Bastille is a script that aims to configure the individual pieces of software on your linux distribution in a specific (secure) way. It does nothing that can't be done by manual configuration.

Grsecurity and SElinux on the other hand are low-level software that change a lot of the traditional UNIX semantics, introducing the concept of Mandatory Access Control . For that reason they need to work at the kernel level, and a patched, reconfigured, kernel is required.

SElinux' policy description language is enough complex and powerful to be considered a programming language. With it an administrator can restrict access to sockets, applications, files and other resources in an amazingly detailed way. Grsecurity supports very similar features, but also comes with a tool to help generate policies, which makes it significantly more simple than SElinux to implement.

Grsecurity also includes PaX , which significantly hardens a system against some types of attacks, with minimum need for configuration.

There is an associated overhead (cost in performance) with both the above systems, but in most cases the benefits in security render it negligible.

There is a nice comparison overview among the two systems here .