A couple of questions to pay particular to are listed under security modules SecureInetd and ConfigureMiscPam. The first is "Would you like to set a default-deny on TCP Wrappers and xinitd?" and the second is "Would you like to put limits on system resource usage?"
Now that we have Bastille Linux on the system, we'll run nmap again.
#nmap -sF 192.168.1.10
Starting nmap 3.20 ( www.insecure.org/nmap/ ) at 2003-03-19 09:50 PST
Note: Host seems down. If it is really up, but blocking our ping probes, try -P0 nmap run completed -- 1 IP address (0 hosts up) scanned in 12.048 seconds
Now we'll try with the -P0 option like it says.
#nmap -P0 192.168.1.10
Starting nmap 3.20 ( www.insecure.org/nmap/ ) at 2003-03-19 10:00 PST
All 1611 scanned ports on system.foobar.com (192.168.1.10) are: filtered
So now the system is reporting no ports that are open and if you try to ping your system you should be getting no response.
Reading our newsletter every Monday will keep you up-to-date with security news.
Receive a daily digest of the latest security news.