Gentoo Archives: gentoo-hardened

From: Marco Venutti <veeenrg@×××××.com>
To: gentoo-hardened@l.g.o
Subject: Re: [gentoo-hardened] "How hard" is Linux kernel-side hardening?
Date: Sun, 20 Sep 2009 14:16:35
In Reply to: Re: [gentoo-hardened] "How hard" is Linux kernel-side hardening? by "Javier J. Martínez Cabezón"
1 Hi,
3 --[cut]--
4 The jail bug were corrected long ago, and was limited to this module
5 only (in rsbac petitions pass to all modules that are stacked, not
6 only this one, and if only one module deny the request, is denied
7 forever though jail don't work properly).
8 --[cut]--
10 Since I'm a recent Linux user and I'm not a security cultured,
11 I've chosen GR-Security, as starting point,
12 because of its user-friendliness, in fact you can enforce,
13 the bare kernel, also if you are not deeply experienced
14 in Linux security...
15 this is my case, so I appreciate this opportunity!
17 I've started from the "Gentoo Hardened Workstation"
18 profile and, then, I've done some gradm experiments...
19 these facts in the near past.
21 I consider myself illiterate, in matter of security,
22 but I'd like to load, a little-little-bit, my lacunas,
23 just for the intellectual pleasure, I feel in satisfy
24 my curiousity.
26 I'm not a professional, thus I don't have
27 servers to manage, just a couple of workstations,
28 so my needs are, probably, easier to fit...
29 no special high security enforcements are required;
30 this should also be good because gives me
31 the chance to start little, 'cause, in effect I've
32 little needs!
34 Today is Sunday and I can read some docs,
35 I'm interested in RSBAC and I'm starting to read
36 RSBAC handbook, but at the moment I'm
37 using, yet, GR-Security beacuse of the previous
38 concept.
40 I'll be glad if there's anybody willing
41 to indicate me any non-official-but-good how-to
42 and/or any sort of tip useful to get done
43 to "lock-down" my workstation about RSBAC,
44 but I'll appreciate GR-Sec.'s.
45 This section is intended to be a request of
46 a little help and does not mean:
47 "Is there anybody does my task, plese?"
48 I've specified the sense of the statement,
49 just to clear every possible ambiguity.
52 I wish you a good sunday afternoon ;-)


Subject Author
Re: [gentoo-hardened] "How hard" is Linux kernel-side hardening? "Javier J. Martínez Cabezón" <tazok.id0@×××××.com>