Re: "Debian hardened" ;-)

Albretch Mueller wrote:
> I am not trying to bait anyone into an argument. It is just that
> IMHO, even though I see that gentoo has its appeal and value, using it
> for servers is not such as manageable as other distros.
> ~
> However, I still like very much the gentoo hardened project.
> ~
> // __ http://www.gentoo.org/proj/en/hardened/
> ~
> // __ http://www.gentoo.org/proj/en/hardened/hardenedfaq.xml
> ~
> Do you know of Debian based attempts to security including all these
> sec features gentoo Linux does?
> ~
> http://sourceforge.net/projects/debianhardened
> ~
> Doesn't seem to be active for almost more than 3 years already
> ~
> I am concretely trying to device something like a Debian baseline
> with a gentoo hardened-like security infrastructure
> ~
> There exist tutorials on how to setup SELinux on Debian
> ~
> http://wiki.debian.org/SELinux/Setup
> ~
> I am trying to also setup on top of it stuff like PaX/Grsecurity,
> RSBAC ... a la gentoo hardened
> ~
> Any ideas you would like to share?

Work is under way. See http://wiki.debian.org/Hardening for a brief outline. A prototype wrapper has been hacked together and Lucas Nussbaum did a full archive rebuild for i386 with most of the hardening options enabled. This needs a little bit more work, but after that it should be ready to be announced to the developers at a larger scale.

Cheers,

        Moritz

-- 
To UNSUBSCRIBE, email to debian-security-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org