| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: ywpurna at users.sourceforge.net (Yusuf Wilajati Purna) Subject: a secure base system Hi, harry wrote: > > the standard we use here is debian, so i guess i'm stuck to debian (or > maybe trusteddebian, which i'm looking into right now) (no bsd :() > RSBAC provides everything SELinux has, and more ==> which is in adamantix > > i'll see for a 2.6 kernel (since 2.4 and noexec doesn't help very much) > > remote logging (without a doubt) > > noexec, nodev, nosuid, ... on parts that we don't need If you prefer a much simpler system, but still would like to use a MAC-like approach, I think you can use LIDS 1.2.0 for kernel 2.4.25. I have just released LIDS 1.2.0 for kernel 2.4.25. In this version, LIDS is enhanced with a security feature implementing Trusted Path Execution (TPE). See http://www.lids.org/document/LIDS-TPE-feature.txt for more info. In TPE mode, LIDS will only execute binaries as well as libraries, and even load kernel modules as far as they are protected (by lids ACLs). Thank you, purna -- Yusuf Wilajati Purna <ywpurna@...rs.sourceforge.net> 1024D/7354A078 Key fingerprint = 7F4F 8433 C65F 3502 BC93 F529 BFDE F939 7354 A078
Powered by blists - more mailing lists