This is a difficult question to answer because I don't know what your security requirements are or what you are trying to protect against. Bastille and SELinux perform two quite different functions. Bastille is a hardening tool that secures elements of Linux/Unix-based operating systems. It is generally run once or perhaps twice a month to ensure the hardening settings are maintained. As such it's a fairly low-maintenance control, but it only secures a limited set of configuration items.
Alternatively, SELinux is a mandatory access control tool that can monitor all processes on your host and block activities that are inappropriate, or outside a specified policy. It runs inside the kernel, and requires configuration and generally some ongoing management. It is a much more comprehensive and complex control with a correspondingly greater overhead. As a control, and if configured correctly, SELinux has the potential to be highly effective in blocking attackers' attempts to compromise your hosts.
So selecting which control to implement really depends on:
a) What your security requirements are, and b) What capacity and capability you have to implement and manage security controls.
Dig Deeper on Linux servers
Related Q&A from James Turnbull
A user wants to implement OSSEC on a Windows server because he has no server side Linux operating system. Continue Reading
Solaris 10 Trusted Extensions and SELinux are best suited to different system requirements and administrator skill sets. Our security expert explains... Continue Reading
Configuring spam filters Spamassassin and dspam together in the email server Postfix is easy with the resources listed by our security expert. Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.