lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <405F1D05.4090502@users.sourceforge.net>
From: ywpurna at users.sourceforge.net (Yusuf Wilajati Purna)
Subject: a secure base system

Hi,

harry wrote:

> 
> the standard we use here is debian, so i guess i'm stuck to debian (or
> maybe trusteddebian, which i'm looking into right now) (no bsd :()
> RSBAC provides everything SELinux has, and more ==> which is in adamantix
> 
> i'll see for a 2.6 kernel (since 2.4 and noexec doesn't help very much)
> 
> remote logging (without a doubt)
> 
> noexec, nodev, nosuid, ... on parts that we don't need
If you prefer a much simpler system, but still would like to use
a MAC-like approach, I think you can use LIDS 1.2.0 for kernel 2.4.25.

I have just released LIDS 1.2.0 for kernel 2.4.25. In this version,
LIDS is enhanced with a security feature implementing
Trusted Path Execution (TPE). See
http://www.lids.org/document/LIDS-TPE-feature.txt
for more info. In TPE mode, LIDS will only execute binaries as
well as libraries, and even load kernel modules as far as
they are protected (by lids ACLs).


Thank you,
purna




-- 
Yusuf Wilajati Purna <ywpurna@...rs.sourceforge.net>
1024D/7354A078
Key fingerprint = 7F4F 8433 C65F 3502 BC93  F529 BFDE F939 7354 A078


Powered by blists - more mailing lists