| 1 |
This is just an email to say welcome to all the people who joined this list today,
|
| 2 |
and to give everyone some understanding about what this project is
|
| 3 |
|
| 4 |
Although my main focus right now for this project is integration of SELinux into
|
| 5 |
portage and gentoo that is by no means the entire scope of this project.
|
| 6 |
The goal of this project is to make a profile which is very secure and also very
|
| 7 |
stable for use in secure production server environments. Additionally, this project
|
| 8 |
is not separate from Gentoo, and not a separate entity, it is an umbrella project
|
| 9 |
for developers and users who are security oriented. For this reason there
|
| 10 |
will not be a "hardened-gentoo" profile which uses everything in the project.
|
| 11 |
Each component of hardened-gentoo will be optional, just as in Gentoo, using
|
| 12 |
USE variables.
|
| 13 |
|
| 14 |
The current list of subprojects are :
|
| 15 |
SELinux integration, including kernel, userland patches, policy tools, and policies
|
| 16 |
SAL (Secure auditing for Linux)
|
| 17 |
HIDS (Host intrusion detection system) like tripwire or soffic
|
| 18 |
Stack protection in the kernel, Openwall for LSM, and in GCC with SSP
|
| 19 |
Additional encryption algorithms including crypt_blowfish and tcb
|
| 20 |
userland patches for priv seperation, chrooting
|
| 21 |
possibly grsecurity ACL's for lighter weight access control
|
| 22 |
a hardened-gentoo kernel including patches for security and for stability
|
| 23 |
a place for security oriented packages such as kerberos to be maintained
|
| 24 |
detailed documentation for everything mentioned
|
| 25 |
|
| 26 |
All of these will be optional, the more security a user wants the more
|
| 27 |
layers of protection he/she can enable.
|
| 28 |
|
| 29 |
We are soliciting help for these subprojects, especially for writing selinux
|
| 30 |
policies for many of the apps in portage, and for documentation.
|
| 31 |
If you are skilled in security, MACS or any of the projects listed and want
|
| 32 |
to help please join #gentoo-hardened on irc.freenode.net and speak
|
| 33 |
with us.
|
| 34 |
|
| 35 |
I invite everyone to come to #gentoo-hardened on freenode to talk
|
| 36 |
about the project and its scope, give comments, suggestions, etc.
|
| 37 |
|
| 38 |
I am very happy to see the amount of interest in this project, and to
|
| 39 |
be able to start a project like this.
|
| 40 |
|
| 41 |
Joshua Brindle |
Archives