We've just finished adding a major new mission to Bastille Linux -- it now does hardening assessment! The US Government's TSWG helped us add this functionality. You can read about it in an interview I did with Jay Lyman, of Newsforge.

Until today, Bastille could only harden or "lock down" systems. It did this by deactivating unnecessary operating system components and better configuring the ones that remained. It took proactive steps to make a system harder to compromise, reducing the probability that the next item in the attacker's toolkit will be successful against your system. We've just finished adding reporting functionality to Bastille, so that it can tell you what parts of the system aren't locked down.

The link for this article located at Jay Beale is no longer available.