Gentoo Archives: gentoo-hardened

From: Marco Venutti <veeenrg@×××××.com>
To: gentoo-hardened@l.g.o
Subject: Re: [gentoo-hardened] "How hard" is Linux kernel-side hardening?
Date: Sun, 20 Sep 2009 14:16:35
In Reply to: Re: [gentoo-hardened] "How hard" is Linux kernel-side hardening? by "Javier J. Martínez Cabezón"

The jail bug were corrected long ago, and was limited to this module
only (in rsbac petitions pass to all modules that are stacked, not
only this one, and if only one module deny the request, is denied
forever though jail don't work properly).

Since I'm a recent Linux user and  I'm not a security cultured,
I've chosen GR-Security, as starting point,
because of its user-friendliness, in fact you can enforce,
the bare kernel, also if you are not deeply experienced
in Linux security...
this is my case, so I appreciate this opportunity!

I've started from the "Gentoo Hardened Workstation"
profile and, then, I've done some gradm experiments...
these facts in the near past.

I consider myself illiterate, in matter of security,
but I'd like to load, a little-little-bit, my lacunas,
just for the intellectual pleasure, I feel in satisfy
my curiousity.

I'm not a professional, thus I don't have
servers to manage, just a couple of workstations,
so my needs are, probably, easier to fit...
no special high security enforcements are required;
this should also be good because gives me
the chance to start little, 'cause, in effect I've
little needs!

Today is Sunday and I can read some docs,
I'm interested in RSBAC and I'm starting to read
RSBAC handbook, but at the moment I'm
using, yet, GR-Security beacuse of the previous

I'll be glad if there's anybody willing
to indicate me any non-official-but-good how-to
and/or any sort of tip useful to get done
to "lock-down" my workstation about RSBAC,
but I'll appreciate GR-Sec.'s.
This section is intended to be a request of
a little help and does not mean:
"Is there anybody does my task, plese?"
I've specified the sense of the statement,
just to clear every possible ambiguity.

I wish you a good sunday afternoon ;-)


Subject Author
Re: [gentoo-hardened] "How hard" is Linux kernel-side hardening? "Javier J. Martínez Cabezón" <tazok.id0@×××××.com>