aboutsummaryrefslogtreecommitdiffstats
path: root/README
diff options
context:
space:
mode:
authormulhern <mulhern@yoctoproject.org>2013-08-27 17:56:58 -0400
committermulhern <mulhern@yoctoproject.org>2013-08-30 15:42:10 -0400
commit5ec81ec5b117de41ed56eb05df271f103213d7be (patch)
treede50297afa7da628e7ca11847d10637bcdb9b525 /README
parentec1c761ad87b1dec899e9d48403ad03398a7f9ed (diff)
downloadmeta-security-5ec81ec5b117de41ed56eb05df271f103213d7be.tar.gz
meta-security-5ec81ec5b117de41ed56eb05df271f103213d7be.tar.bz2
meta-security-5ec81ec5b117de41ed56eb05df271f103213d7be.zip
Bastille: document the current status and usability of the Bastille install.
The README file is updated to indicate the functionality of Bastille that is actually available. The recipe file is updated with a pointer to the README file. An additional patch is added so that when Bastille is run in interactive mode it will not attempt to make any changes to the system. This is better than attempting to make the changes and making the screen flicker . The text on the final screen has been updated appropriately. Signed-off-by: mulhern <mulhern@yoctoproject.org>
Diffstat (limited to 'README')
-rw-r--r--README44
1 files changed, 28 insertions, 16 deletions
diff --git a/README b/README
index c9549f9..1df88b5 100644
--- a/README
+++ b/README
@@ -43,22 +43,34 @@ help for each package.
like rcp and rlogin, and helps create "chroot jails" that help limit the
vulnerability of common Internet services like Web services and DNS.
- usage : Bastille can be used via meta-security layer only in command line mode.
- To start Bastille simply write in a terminal :
-
- bastille -c
-
- If this is the first usage of Bastille on the system, the user will be
- guided through a list of questions which need to be answered. In the end,
- a config file will be created and run. After these steps, you will have a
- hardened system.
-
- If you only want to run the config file, without stepping through the
- list of questions, simply write in a terminal :
-
- bastille -b
-
- More information can be found in the package readme and manual.
+ usage : The functionality of Bastille which is available is
+ restricted to a purely informational one. The command:
+ bastille -c --os Yocto
+ will cause a series of menus containing security questions
+ about the system to be displayed to the user. For each
+ question, a default response, specified in the configuration
+ file which is installed with Bastille, will be selected.
+ The user may select an alternate response. When the user
+ has completed the sequence of menus Bastille saves the
+ responses to the configuration file.
+
+ The command:
+ bastille -l lists the configuration files that Bastille
+ is able to locate.
+
+ The other functionality which Bastille is intended to provide
+ is actually unavailable. This is not due to errors in poky
+ installation or configuration of the application. The Bastille
+ distribution is no longer supported. Significant modifications
+ would be required to make it possible to make use of the
+ functionality which is currently unavailable.
+
+
+ Additional information about Bastille can be found in the package
+ README file and other documentation.
+
+ Alternatives to Bastille include buck-security and checksecurity,
+ described elsewhere in this file.
== redhat-security ==