Debian Bug report logs - #592137
RFH: bastille -- Security hardening tool

version graph

Package: wnpp; Maintainer for wnpp is wnpp@debian.org;

Reported by: Javier Fernández-Sanguino Peña <jfs@computer.org>

Date: Sat, 7 Aug 2010 18:15:02 UTC

Severity: normal

Fixed in version 1:3.0.9-13+rm

Done: Debian FTP Masters <ftpmaster@ftp-master.debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, wnpp@debian.org:
Bug#592137; Package wnpp. (Sat, 07 Aug 2010 18:15:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Javier Fernández-Sanguino Peña <jfs@computer.org>:
New Bug report received and forwarded. Copy sent to wnpp@debian.org. (Sat, 07 Aug 2010 18:15:04 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Javier Fernández-Sanguino Peña <jfs@computer.org>
To: submit@bugs.debian.org
Subject: RFH: bastille - Security hardening tool
Date: Sat, 7 Aug 2010 20:10:42 +0200
[Message part 1 (text/plain, inline)]
Package: wnpp
Severity: normal

I would appreciate help with the bastille package, a security tool to
lockdown systems. 

The current version in Debian (3.0.9) was heavily modified to work in Debian
but, alas, patches were sent but not incorporated upstream. The latest
upstream version (3.2.1) was released in September 2008. Upstream is no
longer active with this tool and no updates are forthcoming. 

In any case, the Bastille tool could be rather useful to Debian users if it
could allow them to easily implement most of the steps required to secure a
Debian system (some of which are described in the Securing Debian Manual
[1]).

Steps that I would need help with:

 - Move over Bastille in Debian to an Alioth Project and push to SVN or
   GIT all the different releases
 - Separate Debian-specific patches from the original sources (turn to quilt
   or other patch-handling tool)
 - Update the Debian API for 3.2.1
 - Test and get out a  3.2.1 release for Debian

Regards

Javier


[1] http://www.debian.org/doc/manuals/securing-debian-howto/index.en.html



[signature.asc (application/pgp-signature, inline)]

Changed Bug title to 'RFH: bastille -- Security hardening tool' from 'RFH: bastille - Security hardening tool' Request was from Jakub Wilk <jwilk@debian.org> to control@bugs.debian.org. (Sun, 08 Aug 2010 13:27:33 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, wnpp@debian.org:
Bug#592137; Package wnpp. (Tue, 21 Sep 2010 18:03:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Mehul Sanghvi <mehul.sanghvi@gmail.com>:
Extra info received and forwarded to list. Copy sent to wnpp@debian.org. (Tue, 21 Sep 2010 18:03:03 GMT) Full text and rfc822 format available.

Message #12 received at 592137@bugs.debian.org (full text, mbox):

From: Mehul Sanghvi <mehul.sanghvi@gmail.com>
To: 592137@bugs.debian.org
Subject: Re: RFH: bastille - Security hardening tool
Date: Tue, 21 Sep 2010 13:59:58 -0400
I've used the tool before and do not mind helping.

cheers,

       mehul

-- 
Mehul N. Sanghvi
email: mehul.sanghvi@gmail.com




Information forwarded to debian-bugs-dist@lists.debian.org, wnpp@debian.org:
Bug#592137; Package wnpp. (Wed, 16 Mar 2011 19:54:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to George Zarkadas <georgios.zarkadas@gmail.com>:
Extra info received and forwarded to list. Copy sent to wnpp@debian.org. (Wed, 16 Mar 2011 19:54:03 GMT) Full text and rfc822 format available.

Message #17 received at 592137@bugs.debian.org (full text, mbox):

From: George Zarkadas <georgios.zarkadas@gmail.com>
To: 592137@bugs.debian.org
Subject: Re: RFH: bastille - Security hardening tool
Date: Wed, 16 Mar 2011 21:53:37 +0200
[Message part 1 (text/plain, inline)]
Hi,

I would gladly help with this. 

I use Bastille as my main firewall, as well as its tmp-securing script.
I have also gone through all steps of "Securing Debian Manual" as part
of my systems' security policy, so no problem with that also. 

I am currently preparing a package for inclusion in debian (see
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=518696 and the parallel
package in http://mentors.debian.net), so I have both already gained
some experience with it and enough free time (no lots of packages to
distract me) to devote to the bastille-reshaping project.

Over the suggested tools, I would prefer git and quilt.  They allow to
work independently and in a modular way.  For example, I could start
immediately to separate patches in my branch while I would wait for you
to create the Alioth project and init the main git repo there.  But I
can work with other tools too.

Please provide me with a tasklist of things that I can start working.

regards
George Zarkadas

[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, wnpp@debian.org:
Bug#592137; Package wnpp. (Wed, 18 May 2011 19:12:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to George Zarkadas <georgios.zarkadas@gmail.com>:
Extra info received and forwarded to list. Copy sent to wnpp@debian.org. (Wed, 18 May 2011 19:12:03 GMT) Full text and rfc822 format available.

Message #22 received at 592137@bugs.debian.org (full text, mbox):

From: George Zarkadas <georgios.zarkadas@gmail.com>
To: 592137@bugs.debian.org
Subject: Script to make git repository with quilt format switch - executable and data
Date: Wed, 18 May 2011 22:13:11 +0300
[Message part 1 (text/plain, inline)]
Attached is a script, along with the required data, that when run will
download all upstream versions of bastille and will create a git
repository with both original (1.0 format) and quilt (3.0 format)
branches, that tracks the entire debian project's history up to the
merging of new upstream 3.2.1. 

Its selections can be configured, so that patches contents and
commit/tag messages/names can be altered on will and then the git
repository be rebuilt from the beginning. Instructions on how to operate
and how to configure are given on the accompanying README file inside
the tarball.

This effectively address the first two steps of this RFH.

An example created git repository will be attached in a subsequent
message, as an example run, to aid the inspection of the final result
without the need to run the script. 

regards

George Zarkadas

PS: Development branch of script code is at:
http://bazaar.launchpad.net/~gzarkadas/+junk/packaging/files/head:/bastille-repackage/ 

[bastille-repo-build.tar.bz2 (application/x-bzip-compressed-tar, attachment)]
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, wnpp@debian.org:
Bug#592137; Package wnpp. (Wed, 18 May 2011 19:21:09 GMT) Full text and rfc822 format available.

Acknowledgement sent to George Zarkadas <georgios.zarkadas@gmail.com>:
Extra info received and forwarded to list. Copy sent to wnpp@debian.org. (Wed, 18 May 2011 19:21:09 GMT) Full text and rfc822 format available.

Message #27 received at 592137@bugs.debian.org (full text, mbox):

From: George Zarkadas <georgios.zarkadas@gmail.com>
To: 592137@bugs.debian.org
Subject: Script to make git repository with quilt format switch - example run
Date: Wed, 18 May 2011 22:19:30 +0300
[Message part 1 (text/plain, inline)]
This is an example run of the bastille-repo-build script, presented at
the previous message. 

It should _not_ be used as the production git repository, because tags
and commits are signed by me and because the merged quilt branch is
pre-selected. Instead, the script is designed to be run by the package
maintainer, so that any selections, and signing is performed by him.

There are two attachments:

1. bastille.git.tar.bz2  :  is the final public git repository 
                            that was created by the test run

2. run.log.tar.bz2       :  the screen output of the script (with
                            '2>&1 | tee run.log' appended after the 
                            command)

regards

George Zarkadas

PS: The run selects the quilt with patches applied branch to merge with
master branch and also merges the new 3.2.1 upstream version, without
applying any quilt patch.

[bastille.git.tar.bz2 (application/x-bzip-compressed-tar, attachment)]
[run.log.tar.bz2 (application/x-bzip-compressed-tar, attachment)]
[signature.asc (application/pgp-signature, inline)]

Reply sent to Debian FTP Masters <ftpmaster@ftp-master.debian.org>:
You have taken responsibility. (Mon, 12 Aug 2013 11:21:40 GMT) Full text and rfc822 format available.

Notification sent to Javier Fernández-Sanguino Peña <jfs@computer.org>:
Bug acknowledged by developer. (Mon, 12 Aug 2013 11:21:40 GMT) Full text and rfc822 format available.

Message #32 received at 592137-done@bugs.debian.org (full text, mbox):

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: 118613-done@bugs.debian.org,193477-done@bugs.debian.org,226092-done@bugs.debian.org,294833-done@bugs.debian.org,350441-done@bugs.debian.org,433574-done@bugs.debian.org,524599-done@bugs.debian.org,545048-done@bugs.debian.org,581444-done@bugs.debian.org,592132-done@bugs.debian.org,601027-done@bugs.debian.org,614119-done@bugs.debian.org,638835-done@bugs.debian.org,689881-done@bugs.debian.org,703186-done@bugs.debian.org,592137-done@bugs.debian.org,
Cc: bastille@packages.debian.org, bastille@packages.qa.debian.org
Subject: Bug#718783: Removed package(s) from unstable
Date: Mon, 12 Aug 2013 11:17:31 +0000
Version: 1:3.0.9-13+rm

Dear submitter,

as the package bastille has just been removed from the Debian archive
unstable we hereby close the associated bug reports.  We are sorry
that we couldn't deal with your issue properly.

For details on the removal, please see http://bugs.debian.org/718783

The version of this package that was in Debian prior to this removal
can still be found using http://snapshot.debian.org/.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmaster@ftp-master.debian.org.

Debian distribution maintenance software
pp.
Luca Falavigna (the ftpmaster behind the curtain)



Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 10 Sep 2013 07:30:37 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sun Apr 20 11:36:27 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.