Hardened Gentoo is a project which oversees the research, implementation, and maintenance of security-oriented projects for Gentoo Linux. We are a team of very competent individuals dedicated to bringing advanced security to Gentoo with a number of subprojects.
Hardened Gentoo's purpose is to make Gentoo viable for high security, high stability production server environments. This project is not a standalone project separate from Gentoo proper; it is intended to be a team of Gentoo developers who are focused on delivering solutions to Gentoo that provide strong security and stability. These solutions will be available in Gentoo once they've been tested for security and stability by the Hardened team.
| Developer | Nickname | Role |
| Bryan Stine | battousai | Member (Bastille) |
| Gordon Malm | gengor | Member (PaX/Grsecurity, Hardened Toolchain) |
| Gysbert Wassenaar | nixnut | Member (PPC arch team liaison) |
| Chris PeBenito | pebenito | Member (SELinux) |
All developers can be reached by e-mail using nickname@gentoo.org.
The hardened project has the following subprojects:
| Project | Lead | Description |
| SELinux | Chris PeBenito | SELinux is a system of mandatory access controls. SELinux can enforce the security policy over all processes and objects in the system. |
| RSBAC | | RSBAC is a Mandatory Access Control security system based on the GFAC framework logic. It includes standard models, like the Role Compatibility, Access Control Lists and Mandatory Access Control. RSBAC enforces access control rules on your operating system. |
| PaX/Grsecurity | Gordon Malm | Grsecurity is a complete security solution providing such features as a MAC or RBAC system, chroot restrictions, address space modification protection (via PaX), auditing features, randomization features, linking restrictions to prevent file race conditions, IPC protections and much more. |
| Hardened Toolchain | Gordon Malm | Transparent implementation of PaX address space layout randomizations and stack smashing protections using ELF shared objects as executables. |
| Hardened-Sources | Gordon Malm | A kernel which provides patches for hardened subprojects, and stability/security oriented patches. Includes Grsecurity and SELinux. |
| Bastille | Bryan Stine | Bastille is an interactive application which gives the user suggestions on securing their machine. It will be customized to make suggestions about other Hardened Gentoo subprojects. |
The hardened project has the following subprojects planned:
| Project | Description |
| Security Documentation | Maintain documentation about best practices, and general security measures such as process limiting, setting quotas, securing systems with Kerberos, chrooting, tightening services, etc. |
Resources offered by the hardened project are:
The hardened project maintains the following herds:
| Herd | Members | Description |
| hardened | battousai, chainsaw, dragonheart, gengor, nixnut, pebenito, solar | Hardened Gentoo project packages and policy |
To participate in the Hardened Gentoo project, first join the mailing list at gentoo-hardened@gentoo.org. Then ask if there are plans to support something that you are interested in, propose a new subproject that you are interested in, or choose one of the planned subprojects to work on. You may talk to the developers and users in the IRC channel #gentoo-hardened on irc.freenode.net for more information or just to chat about the project or any subprojects. If you don't have the ability to actively help by contributing work, we will always need testers to maintain the security and stability of the overall product. All development, testing, and productive comments and feedback will be greatly appreciated.