| Richard Marian Thomaiyar | 14fddef | 2018-07-13 23:55:56 +0530 | [diff] [blame] | 1 | # Q: Would you like to enforce password aging? [Y] |
| 2 | AccountSecurity.passwdage="Y" |
| 3 | # Q: Should Bastille disable clear-text r-protocols that use IP-based authentication? [Y] |
| 4 | AccountSecurity.protectrhost="Y" |
| 5 | # Q: Should we disallow root login on tty's 1-6? [N] |
| 6 | AccountSecurity.rootttylogins="Y" |
| 7 | # Q: What umask would you like to set for users on the system? [077] |
| 8 | AccountSecurity.umask="077" |
| 9 | # Q: Do you want to set the default umask? [Y] |
| 10 | AccountSecurity.umaskyn="Y" |
| 11 | # Q: Would you like to deactivate the Apache web server? [Y] |
| 12 | Apache.apacheoff="Y" |
| 13 | # Q: Would you like to password protect single-user mode? [Y] |
| 14 | BootSecurity.passsum="Y" |
| 15 | # Q: Should we restrict console access to a small group of user accounts? [N] |
| 16 | ConfigureMiscPAM.consolelogin="Y" |
| 17 | # Q: Which accounts should be able to login at console? [root] |
| 18 | ConfigureMiscPAM.consolelogin_accounts="root" |
| 19 | # Q: Would you like to put limits on system resource usage? [N] |
| 20 | ConfigureMiscPAM.limitsconf="Y" |
| 21 | # Q: Would you like to set more restrictive permissions on the administration utilities? [N] |
| 22 | FilePermissions.generalperms_1_1="Y" |
| 23 | # Q: Would you like to disable SUID status for mount/umount? |
| 24 | FilePermissions.suidmount="Y" |
| 25 | # Q: Would you like to disable SUID status for ping? [Y] |
| 26 | FilePermissions.suidping="Y" |
| 27 | # Q: Would you like to disable SUID status for traceroute? [Y] |
| 28 | FilePermissions.suidtrace="Y" |
| 29 | # Q: Do you need the advanced networking options? |
| 30 | Firewall.ip_advnetwork="Y" |
| 31 | # Q: Should Bastille run the firewall and enable it at boot time? [N] |
| 32 | Firewall.ip_enable_firewall="Y" |
| 33 | # Q: Would you like to run the packet filtering script? [N] |
| 34 | Firewall.ip_intro="Y" |
| 35 | # Q: Interfaces for DHCP queries: [ ] |
| 36 | Firewall.ip_s_dhcpiface=" " |
| 37 | # Q: DNS servers: [0.0.0.0/0] |
| 38 | Firewall.ip_s_dns="10.184.9.1" |
| 39 | # Q: ICMP allowed types: [destination-unreachable echo-reply time-exceeded] |
| 40 | Firewall.ip_s_icmpallowed="destination-unreachable echo-reply time-exceeded" |
| 41 | # Q: ICMP services to audit: [ ] |
| 42 | Firewall.ip_s_icmpaudit=" " |
| 43 | # Q: ICMP types to disallow outbound: [destination-unreachable time-exceeded] |
| 44 | Firewall.ip_s_icmpout="destination-unreachable time-exceeded" |
| 45 | # Q: Internal interfaces: [ ] |
| 46 | Firewall.ip_s_internaliface=" " |
| 47 | # Q: TCP service names or port numbers to allow on private interfaces: [ ] |
| 48 | Firewall.ip_s_internaltcp=" " |
| 49 | # Q: UDP service names or port numbers to allow on private interfaces: [ ] |
| 50 | Firewall.ip_s_internaludp=" " |
| 51 | # Q: Masqueraded networks: [ ] |
| 52 | Firewall.ip_s_ipmasq=" " |
| 53 | # Q: Kernel modules to masquerade: [ftp raudio vdolive] |
| 54 | Firewall.ip_s_kernelmasq="ftp raudio vdolive" |
| 55 | # Q: NTP servers to query: [ ] |
| 56 | Firewall.ip_s_ntpsrv=" " |
| 57 | # Q: Force passive mode? [N] |
| 58 | Firewall.ip_s_passiveftp="N" |
| 59 | # Q: Public interfaces: [eth+ ppp+ slip+] |
| 60 | Firewall.ip_s_publiciface="eth+ ppp+ slip+" |
| 61 | # Q: TCP service names or port numbers to allow on public interfaces:[ ] |
| 62 | Firewall.ip_s_publictcp=" " |
| 63 | # Q: UDP service names or port numbers to allow on public interfaces:[ ] |
| 64 | Firewall.ip_s_publicudp=" " |
| 65 | # Q: Reject method: [DENY] |
| 66 | Firewall.ip_s_rejectmethod="DENY" |
| 67 | # Q: Enable source address verification? [Y] |
| 68 | Firewall.ip_s_srcaddr="Y" |
| 69 | # Q: TCP services to audit: [telnet ftp imap pop3 finger sunrpc exec login linuxconf ssh] |
| 70 | Firewall.ip_s_tcpaudit="telnet ftp imap pop3 finger sunrpc exec login linuxconf ssh" |
| 71 | # Q: TCP services to block: [2049 2065:2090 6000:6020 7100] |
| 72 | Firewall.ip_s_tcpblock="2049 2065:2090 6000:6020 7100" |
| 73 | # Q: Trusted interface names: [lo] |
| 74 | Firewall.ip_s_trustiface="lo" |
| 75 | # Q: UDP services to audit: [31337] |
| 76 | Firewall.ip_s_udpaudit="31337" |
| 77 | # Q: UDP services to block: [2049 6770] |
| 78 | Firewall.ip_s_udpblock="2049 6770" |
| 79 | # Q: Would you like to add additional logging? [Y] |
| 80 | Logging.morelogging="Y" |
| 81 | # Q: Would you like to set up process accounting? [N] |
| 82 | Logging.pacct="N" |
| 83 | # Q: Do you have a remote logging host? [N] |
| 84 | Logging.remotelog="N" |
| 85 | # Q: Would you like to disable acpid and/or apmd? [Y] |
| 86 | MiscellaneousDaemons.apmd="Y" |
| 87 | # Q: Would you like to deactivate NFS and Samba? [Y] |
| 88 | MiscellaneousDaemons.remotefs="Y" |
| 89 | # Q: Would you like to disable printing? [N] |
| 90 | Printing.printing="Y" |
| 91 | # Q: Would you like to disable printing? [N] |
| 92 | Printing.printing_cups="Y" |
| 93 | # Q: Would you like to display "Authorized Use" messages at log-in time? [Y] |
| 94 | SecureInetd.banners="Y" |
| 95 | # Q: Should Bastille ensure inetd's FTP service does not run on this system? [y] |
| 96 | SecureInetd.deactivate_ftp="Y" |
| 97 | # Q: Should Bastille ensure the telnet service does not run on this system? [y] |
| 98 | SecureInetd.deactivate_telnet="Y" |
| 99 | # Q: Who is responsible for granting authorization to use this machine? |
| 100 | SecureInetd.owner="its owner" |
| 101 | # Q: Would you like to set a default-deny on TCP Wrappers and xinetd? [N] |
| 102 | SecureInetd.tcpd_default_deny="Y" |
| 103 | # Q: Do you want to stop sendmail from running in daemon mode? [Y] |
| 104 | Sendmail.sendmaildaemon="Y" |
| 105 | # Q: Would you like to install TMPDIR/TMP scripts? [N] |
| 106 | TMPDIR.tmpdir="N" |