1# Q: Would you like to enforce password aging? [Y] 2AccountSecurity.passwdage="Y" 3# Q: Should Bastille disable clear-text r-protocols that use IP-based authentication? [Y] 4AccountSecurity.protectrhost="Y" 5# Q: Should we disallow root login on tty's 1-6? [N] 6AccountSecurity.rootttylogins="Y" 7# Q: What umask would you like to set for users on the system? [077] 8AccountSecurity.umask="077" 9# Q: Do you want to set the default umask? [Y] 10AccountSecurity.umaskyn="Y" 11# Q: Would you like to deactivate the Apache web server? [Y] 12Apache.apacheoff="Y" 13# Q: Would you like to password protect single-user mode? [Y] 14BootSecurity.passsum="Y" 15# Q: Should we restrict console access to a small group of user accounts? [N] 16ConfigureMiscPAM.consolelogin="Y" 17# Q: Which accounts should be able to login at console? [root] 18ConfigureMiscPAM.consolelogin_accounts="root" 19# Q: Would you like to put limits on system resource usage? [N] 20ConfigureMiscPAM.limitsconf="Y" 21# Q: Would you like to set more restrictive permissions on the administration utilities? [N] 22FilePermissions.generalperms_1_1="Y" 23# Q: Would you like to disable SUID status for mount/umount? 24FilePermissions.suidmount="Y" 25# Q: Would you like to disable SUID status for ping? [Y] 26FilePermissions.suidping="Y" 27# Q: Would you like to disable SUID status for traceroute? [Y] 28FilePermissions.suidtrace="Y" 29# Q: Do you need the advanced networking options? 30Firewall.ip_advnetwork="Y" 31# Q: Should Bastille run the firewall and enable it at boot time? [N] 32Firewall.ip_enable_firewall="Y" 33# Q: Would you like to run the packet filtering script? [N] 34Firewall.ip_intro="Y" 35# Q: Interfaces for DHCP queries: [ ] 36Firewall.ip_s_dhcpiface=" " 37# Q: DNS servers: [0.0.0.0/0] 38Firewall.ip_s_dns="10.184.9.1" 39# Q: ICMP allowed types: [destination-unreachable echo-reply time-exceeded] 40Firewall.ip_s_icmpallowed="destination-unreachable echo-reply time-exceeded" 41# Q: ICMP services to audit: [ ] 42Firewall.ip_s_icmpaudit=" " 43# Q: ICMP types to disallow outbound: [destination-unreachable time-exceeded] 44Firewall.ip_s_icmpout="destination-unreachable time-exceeded" 45# Q: Internal interfaces: [ ] 46Firewall.ip_s_internaliface=" " 47# Q: TCP service names or port numbers to allow on private interfaces: [ ] 48Firewall.ip_s_internaltcp=" " 49# Q: UDP service names or port numbers to allow on private interfaces: [ ] 50Firewall.ip_s_internaludp=" " 51# Q: Masqueraded networks: [ ] 52Firewall.ip_s_ipmasq=" " 53# Q: Kernel modules to masquerade: [ftp raudio vdolive] 54Firewall.ip_s_kernelmasq="ftp raudio vdolive" 55# Q: NTP servers to query: [ ] 56Firewall.ip_s_ntpsrv=" " 57# Q: Force passive mode? [N] 58Firewall.ip_s_passiveftp="N" 59# Q: Public interfaces: [eth+ ppp+ slip+] 60Firewall.ip_s_publiciface="eth+ ppp+ slip+" 61# Q: TCP service names or port numbers to allow on public interfaces:[ ] 62Firewall.ip_s_publictcp=" " 63# Q: UDP service names or port numbers to allow on public interfaces:[ ] 64Firewall.ip_s_publicudp=" " 65# Q: Reject method: [DENY] 66Firewall.ip_s_rejectmethod="DENY" 67# Q: Enable source address verification? [Y] 68Firewall.ip_s_srcaddr="Y" 69# Q: TCP services to audit: [telnet ftp imap pop3 finger sunrpc exec login linuxconf ssh] 70Firewall.ip_s_tcpaudit="telnet ftp imap pop3 finger sunrpc exec login linuxconf ssh" 71# Q: TCP services to block: [2049 2065:2090 6000:6020 7100] 72Firewall.ip_s_tcpblock="2049 2065:2090 6000:6020 7100" 73# Q: Trusted interface names: [lo] 74Firewall.ip_s_trustiface="lo" 75# Q: UDP services to audit: [31337] 76Firewall.ip_s_udpaudit="31337" 77# Q: UDP services to block: [2049 6770] 78Firewall.ip_s_udpblock="2049 6770" 79# Q: Would you like to add additional logging? [Y] 80Logging.morelogging="Y" 81# Q: Would you like to set up process accounting? [N] 82Logging.pacct="N" 83# Q: Do you have a remote logging host? [N] 84Logging.remotelog="N" 85# Q: Would you like to disable acpid and/or apmd? [Y] 86MiscellaneousDaemons.apmd="Y" 87# Q: Would you like to deactivate NFS and Samba? [Y] 88MiscellaneousDaemons.remotefs="Y" 89# Q: Would you like to disable printing? [N] 90Printing.printing="Y" 91# Q: Would you like to disable printing? [N] 92Printing.printing_cups="Y" 93# Q: Would you like to display "Authorized Use" messages at log-in time? [Y] 94SecureInetd.banners="Y" 95# Q: Should Bastille ensure inetd's FTP service does not run on this system? [y] 96SecureInetd.deactivate_ftp="Y" 97# Q: Should Bastille ensure the telnet service does not run on this system? [y] 98SecureInetd.deactivate_telnet="Y" 99# Q: Who is responsible for granting authorization to use this machine? 100SecureInetd.owner="its owner" 101# Q: Would you like to set a default-deny on TCP Wrappers and xinetd? [N] 102SecureInetd.tcpd_default_deny="Y" 103# Q: Do you want to stop sendmail from running in daemon mode? [Y] 104Sendmail.sendmaildaemon="Y" 105# Q: Would you like to install TMPDIR/TMP scripts? [N] 106TMPDIR.tmpdir="N" 107