Running Bastille on OS X 10.3

Securing your Mac OS X 10.3 with Bastille.

Note: This tutorial assumes you have a basic understanding of the Mac OS X terminal command line and that you have the Apple Developer Tools installed on your computer and are comfortable compiling applications from source code. This tutorial is only good for OS X 10.2 and 10.3.

Bastille is an operating system hardening program. It was originally designed for *nix operating systems. Since Mac OS X is based on a flavor of BSD which is a branch of Unix it only makes sense that Bastille would work on OS X as well. The following is instructions on how to install and run the Bastille program on your Mac to either harden your current installation or to evaluate your current installation to see how secure it really is. Beware you are now going into the world of BSD so you better be comfortable on the command line.

The first thing you need to do is go and download yourself a copy of Bastille at www.bastille-linux.org/source.htm. We will want to get a copy of the source code for this installation. If you are still running OS X 10.2 you should read the OS X 10.2 specific instructions available here http://www.bastille-linux.org/os_x_10_2.htm.

Open up the terminal and browse to the directory you downloaded the tarball to. Now run the command

tar -xjvf Bastille.tar.bz2

This will un-zip and un-tar the sources and create a Directory named Bastille.

Now in order for you to run Bastille in Graphical Mode you will need to have X11 installed on your Mac. If you do not have it installed yet luckily X11 comes free on your Tiger or Panther Install DVD. Just open up the install DVD and Click on Optional Installs then select the X11 package.

Now that X11 is installed and working you can run the install script.

Open the Terminal and go Back into the directory you unpacked Bastille into.
Go into the Bastille directory

cd Bastille

Now run the install script for OS X

sh Install-OSX.sh

The GUI for the Bastille program depends on the Perl module Tk. By default it is not installed on a regular Mac OS X system. The easiest way to install the Tk module is to use the cpan program from the command line. You will need to have a few more programs installed in order for cpan to run correctly. They are wget, ncftp.

To install wget get the source code at ftp://ftp.gnu.org/pub/gnu/wget/wget-1.10.1.tar.gz.

Now go to the directory where you downloaded the sources to and run the following commands.
1. Untar and unzip the archive
tar xzvf wget-1.10.2.tar.gz

2. Go into the un-archived directory
cd wget-1.10.2

3. Run the configure script to get the source code configured for Mac OS X
./configure

4. Build the source code
make

5. Install the source code in its proper place (/usr/local/bin)
make install

You should now be able to run the wget commmand from the terminal command line. If you get command not found, check your PATH and make sure /usr/local/bin is in your shells path.

Ncftp is an easier install. You can get the .dmg from http://www.ncftp.com/download/ make sure you download the Ncftp Client and not the server. Install the .dmg as you would any other application.

Now that you have the required programs installed, run the cpan program from the commmand line

cpan

You will be asked to set up the cpan program if you have never used it before. I was able to configure it by accepting all of the defaults. If you use a proxy for HTTP or FTP then you will be prompted for the proxies during the cpan configuration. Once the configuration is complete you will be dropped into the cpan prompt that will look like this:

cpan>

Here we will need to install the Perl Tk module with the following command.

cpan> install module Tk

Be patient, this will take a few minutes to download, compile, and install.

Now you will be able to run the Bastille program to harden your install of OS X.

As soon as the new version of Bastille that supports OS X 10.4 is available I will revise this tutorial.