Bastille is a system hardening / lockdown program which enhances the
security of a Unix host. It configures daemons, system settings and
firewalls to be more secure. It can shut off unneeded services and r-tools,
like rcp and rlogin, and helps create "chroot jails" that help limit the
vulnerability of common Internet services like Web services and DNS.

This tool currently hardens Red Hat Enterprise Linux, Legacy, and Fedora
Core, as well as Debian, SUSE, Gentoo, Mandrake Linux, Mac OS X, and HP-UX.

If run in the preferred Interactive mode, it can teach you a good deal about
Security while personalizing your system security state. If run in the
quicker Automated mode, it can quickly tighten your machine, but not nearly
as effectively (since user/sysadmin education is an important step!)

Bastille can also assess the state of a system, which may serve as
an aid to security administrators, auditors and system administrators
who wish to investigate the state of their system's hardening without
making changes to such.

To run:

-bastille [(-b|-c|-r|-x|--assess|--assessnobrowser)]

-b : use a saved config file to apply changes directly to system
-c : use the Curses (non-X11) GUI
-r : revert Bastille changes to original file versions (pre-Bastille)
-x : use the Perl/Tk (X11) GUI
--assess : use the assessment functionality, viewing results in a browser
--assessnobrowser: use the assessment functionality without a browser