This is just an email to say welcome to all the people who joined this list today,
and to give everyone some understanding about what this project is.

Although my main focus right now for this project is integration of SELinux into
portage and gentoo, that is by no means the entire scope of this project.
The goal of this project is to make a profile which is very secure and also very
stable for use in secure production server environments. Additionally, this project
is not separate from Gentoo, and not a separate entity; it is an umbrella project
for developers and users who are security oriented. For this reason there
will not be a "hardened-gentoo" profile which uses everything in the project.
Each component of hardened-gentoo will be optional, just as in Gentoo, using
USE variables.

The current list of subprojects is:
SELinux integration, including kernel, userland patches, policy tools, and policies
SAL (Secure auditing for Linux)
HIDS (Host intrusion detection system) like tripwire or soffic
Stack protection in the kernel, Openwall for LSM, and in GCC with SSP
Additional encryption algorithms including crypt_blowfish and tcb
userland patches for priv separation, chrooting
possibly grsecurity ACLs for lighter weight access control
a hardened-gentoo kernel including patches for security and for stability
a place for security oriented packages such as kerberos to be maintained
detailed documentation for everything mentioned

All of these will be optional; the more security a user wants, the more
layers of protection he/she can enable.

We are soliciting help for these subprojects, especially for writing selinux
policies for many of the apps in portage, and for documentation.
If you are skilled in security, MACS or any of the projects listed and want
to help, please join #gentoo-hardened on irc.freenode.net and speak
with us.

I invite everyone to come to #gentoo-hardened on freenode to talk
about the project and its scope, give comments, suggestions, etc.

I am very happy to see the amount of interest in this project, and to
be able to start a project like this.

Joshua Brindle