1748195 Members
3326 Online
108759 Solutions
New Discussion юеВ

Re: bastille

 
silusan
Regular Advisor

bastille

Got a defect identified by the testers in our newly built VM host. How to get rid of this

#> bastille -l
NOTE:    The system is in its pre-bastilled state.

#pwd

/etc/opt/sec_mgmt/bastille
#> ll
total 112
-r-xr-xr-x   1 bin        bin            209 Mar  3  2011 Modules.txt
dr-xr-xr-x   3 bin        bin           8192 Jan  7 13:55 OSMap
dr-xr-xr-x   2 bin        bin           8192 Jan  7 13:55 Questions
dr-xr-xr-x   4 bin        bin             96 Jan  7 13:55 configs
-r-xr-xr-x   1 bin        bin            814 Mar  3  2011 ipf.customrules
-r-xr-xr-x   1 bin        bin            986 Mar  3  2011 jail.bind.hpux
-r-xr-xr-x   1 bin        bin            823 Mar  3  2011 jail.bind9.hpux
-r-xr-xr-x   1 bin        bin           1643 Mar  3  2011 jail.generic.hpux
dr-xr-xr-x   2 bin        bin             96 Jan  7 13:55 mx
#>

 

 

 

In another normal server:

# pwd
/etc/opt/sec_mgmt/bastille
#

# ll
total 128
-rw-------   1 root       sys              0 Jun 20  2008 .nodisclaimer
-r-xr-xr-x   1 bin        bin            197 Dec  7  2007 Modules.txt
dr-xr-xr-x   3 bin        bin           8192 Jun 18  2008 OSMap
dr-xr-xr-x   2 bin        bin           8192 Jun 18  2008 Questions
-r----x---   1 bin        bin           6105 Jun 20  2008 config
dr-xr-xr-x   4 bin        bin             96 Jun 18  2008 configs
-r-xr-xr-x   1 bin        bin            814 Dec  7  2007 ipf.customrules
-r-xr-xr-x   1 bin        bin            986 Dec  7  2007 jail.bind.hpux
-r-xr-xr-x   1 bin        bin            823 Dec  7  2007 jail.bind9.hpux
-r-xr-xr-x   1 bin        bin           1643 Dec  7  2007 jail.generic.hpux
dr-xr-xr-x   2 bin        bin             96 Jun 18  2008 mx
# bastille -l
The last bastille run corresponds to the following profiles:
   /etc/opt/sec_mgmt/bastille/config

 

#

21 REPLIES 21
silusan
Regular Advisor

Re: bastille

/etc/opt/sec_mgmt/bastille#> bastille -b -f config
NOTE:    Entering Critical Code Execution.
         Bastille has disabled keyboard interrupts.


NOTE:    Bastille is scanning the system configuration...

FATAL:   A fatal error has occurred.  Not all of the questions
         that pertain to this system have been answered.  Rerun
         the interactive portion of Bastille on this system.
         MODULE.QUESTION=AccountSecurity.cronuser
/etc/opt/sec_mgmt/bastille#>

 

I copied config file from another server and gave it appropriate permissions but I got the above err

Can someone please suggest

Henry Fauni
Valued Contributor

Re: bastille

It's possible you have a newer version of Bastille software installed on the new server, and the MODULE question it's looking for is not there.

 

Compare versions on both systems:

# swlist -l product -a revision | grep -i bastille

 

I would just do what it's suggesting: "Rerun the interactive portion of Bastille on this system."

 


 

silusan
Regular Advisor

Re: bastille

Hello Henry This could be of some interest

 

Normal server:

 # bastille -l
The last bastille run corresponds to the following profiles:
  # swlist -l product -a revision | grep -i bastille
  Bastille              B.3.0.31
# uname -a
HP-UX <vmhost> B.11.31 U ia64 3565873559 unlimited-user license
 #

 

Newly built server(has bastille issue):

 

:/etc/opt/sec_mgmt/bastille #> bastille -b -f config
NOTE:    Entering Critical Code Execution.
         Bastille has disabled keyboard interrupts.


NOTE:    Bastille is scanning the system configuration...

FATAL:   A fatal error has occurred.  Not all of the questions
         that pertain to this system have been answered.  Rerun
         the interactive portion of Bastille on this system.
         MODULE.QUESTION=AccountSecurity.cronuser
:/etc/opt/sec_mgmt/bastille #>

:/ #> swlist -l product -a revision | grep -i bastille
  Bastille              B.3.3.01
 #>uname -a
HP-UX <vmhost> B.11.31 U ia64 1392496050 unlimited-user license
/etc/opt/sec_mgmt/bastille #>

please suggest


 

silusan
Regular Advisor

Re: bastille

can we consider.... downgrading the bastille version from B.3.3.01 to B.3.0.31
but not sure if it is a simple procedure of swremove and then swinstall
pls suggest
silusan
Regular Advisor

Re: bastille

Henry..you said
I would just do what it's suggesting: "Rerun the interactive portion of Bastille on this system."
How would I do this...

etc/opt/sec_mgmt/bastille #> bastille
NOTE: $DISPLAY not set. Attempting Curses interface.
NOTE: Using Curses user interface module.
NOTE: Only displaying questions relevant to the current configuration.
ERROR: Could not load the 'Curses.pm' interface module.This may be due to an
invalid $DISPLAY setting,or the module not being visible to Perl.
etc/opt/sec_mgmt/bastille #>
Torsten.
Acclaimed Contributor

Re: bastille

This is an graphical application, you need an Xserver.

Consider to download something like "mobaxterm" to your PC, run it and ssh to the server.

Hope this helps!
Regards
Torsten.

__________________________________________________
There are only 10 types of people in the world -
those who understand binary, and those who don't.

__________________________________________________
No support by private messages. Please ask the forum!

If you feel this was helpful please click the KUDOS! thumb below!   
silusan
Regular Advisor

Re: bastille

 
Torsten.
Acclaimed Contributor

Re: bastille

$DISPLAY not set!

you have still this message.

Hope this helps!
Regards
Torsten.

__________________________________________________
There are only 10 types of people in the world -
those who understand binary, and those who don't.

__________________________________________________
No support by private messages. Please ask the forum!

If you feel this was helpful please click the KUDOS! thumb below!   
silusan
Regular Advisor

Re: bastille

trying..but failing :-(

:/ #> export DISPLAY=`hostname`
:/ #> xhost + `hostname`
xhost: unable to open display "xxx-yyy-vmhost"
:/ #>

:/ #> export DISPLAY=`hostname`:0.0
:/ #> xhost +
xhost: unable to open display "xxx-yyy-vmhost:0.0"
:/ #>