Hardened Gentoo
1.
Project Description
Hardened Gentoo is a project which oversees the
research, implementation, and maintainence of security oriented
projects for Gentoo Linux. We are a team of very competent
individuals dedicated to bringing advanced security to Gentoo
with a number of subprojects.
2.
Project Goals
Hardened Gentoo's purpose is to make Gentoo viable for
high security, high stability production server environments.
This project is not a standalone project disjoined from Gentoo
proper; it is intended to be a team of Gentoo developers which
are focused on delivering solutions to Gentoo that provide strong
security and stability. These solutions will be available in
Gentoo once they've been tested for security and stability by the
Hardened team.
3.
Developers
| Developer |
Nickname |
Role |
| Bryan Stine |
battousai |
Member ( Bastille ) |
| Gordon Malm |
gengor |
Member ( PaX/Grsecurity Hardened Toolchain ) |
| Gysbert Wassenaar |
nixnut |
Member ( PPC arch team liaison ) |
| Chris PeBenito |
pebenito |
Member ( SELinux ) |
All developers can be reached by e-mail using nickname@gentoo.org.
4.
Subprojects
The hardened
project has the following subprojects:
| Project |
Lead |
Description |
|
SELinux
|
Chris PeBenito |
SELinux is a system of mandatory access controls. SELinux can enforce the security policy over all processes and objects in the system. |
|
RSBAC
|
|
RSBAC is Mandatory Access Control security system based on the GFAC framework logic. It includes standard models, like the Role Compatibility, Access Control Lists and Mandatory Access Control. RSBAC enforces access control rules on your operating system. |
| PaX/Grsecurity |
Gordon Malm |
Grsecurity is a complete security solution
providing such features as a MAC or RBAC system, Chroot
restrictions, address space modification protection (via PaX),
auditing features, randomization features, linking restrictions
to prevent file race conditions, ipc protections and much more.
|
| Hardened Toolchain |
Gordon Malm |
Transparent
implementation of
PaX address space layout randomizations and stack smashing
protections using ELF shared objects as executables. |
| Hardened-Sources |
Gordon Malm |
A kernel which
provides patches for hardened subprojects, and stability/security
oriented patches. Includes Grsecurity and SELinux. |
| Bastille |
Bryan Stine |
Bastille is an
interactive application which gives the user suggestions on
securing their machine. It will be customized to make suggestions
about other Hardened Gentoo subprojects. |
5.
Planned subprojects
The hardened
project has the following subprojects planned:
| Project |
Description |
| Security Documentation |
Maintain
documentation about best practices, and general security measures
such as process limiting, setting quotas, securing systems with
kerberos, chrooting, tightening services, etc. |
6.
Resources
Resources offered by the
hardened
project are:
7.
Herds
The hardened
project maintains the following herds:
| Herd |
Members |
Description |
| hardened |
battousai, chainsaw, dragonheart, gengor, nixnut, pebenito, solar |
Hardened Gentoo project packages and policy |
8.
I Want to Participate
To participate in the Hardened Gentoo project first join
the mailing list at
gentoo-hardened@gentoo.org. Then ask if there are
plans to support something that you are interested in,
propose a new subproject that you are interested in or
choose one of the planned subprojects to work on. You may
talk to the developers and users in the IRC channel
#gentoo-hardened on
irc.freenode.net for more information or just to chat
about the project or any subprojects. If you don't have the
ability to actively help by contributing work we will
always need testers to maintain the security and stability
of the overall product. All development, testing, and
productive comments and feedback will be greatly
appreciated.
|
