6.2. Bastille Linux

http://bastille-linux.sourceforge.net/ is an automatic hardening tool originally oriented towards the Red Hat and Mandrake Linux distributions. However, the bastille package provided in Debian (since woody) is patched in order to provide the same functionality for Debian GNU/Linux systems.

Bastille can be used with different frontends (all are documented in their own manpage in the Debian package) which enables the administrator to:

Answer questions step by step regarding the desired security of your system (using InteractuveBastille(8)
Use a default setting for security (amongst three: Lax, Moderate or Paranoia) in a given setup (server or workstation) and let Bastille decide which security policy to implement (using BastilleChooser(8)).
Take a predefined configuration file (could be provided by Bastille or made by the administrator) and implement a given security policy (using AutomatedBastille(8)).