| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <096c7fc1-03e5-ab6d-683b-a7e3365d4e5f@riseup.net> Date: Thu, 27 Sep 2018 07:10:00 +0000 From: TNT BOM BOM <bo0od@...eup.net> To: debian-derivatives-request@...ts.debian.org, tor-talk@...ts.torproject.org, fulldisclosure@...lists.org, liberationtech <liberationtech@...ts.stanford.edu> Cc: Patrick Schleizer <adrelanos@...eup.net> Subject: [FD] Hardened Debian Security Focused Distribution - Feedback Wanted! === scope === * will be initially released for VMs (VirtualBox, Qubes, maybe KVM) * “sudo apt-get install hardened-debian-cli” will be possible on bare metal Debian hosts, in other words installations of Debian can be easily converted into Hardened Debian by installing the hardened-debian-cli or other hardened debian package * maybe later available as ISO for installation on hardware depending on community interest and support === hardening by default in Hardened Debian version 1 === * install haveged by default for better entropy * sdwdate (https://github.com/Whonix/sdwdate) rather than insecure NTP (https://www.whonix.org/wiki/Dev/TimeSync) * security-misc (https://github.com/Whonix/security-misc) - (deactivates previews in Dolphin; deactivates previews in Nautilus; deactivates TCP timestamps; deactivates Netfilter’s connection tracking helper;) * open-link-confirmation * enable apparmor by default * available apparmor profiles (https://github.com/Whonix?utf8=%E2%9C%93&q=apparmor-profile&type=&language=) * hopefully spectre / meltdown resistant by default (https://forums.whonix.org/t/whonix-vulerable-due-to-missing-processor-microcode-packages-spectre-meltdown-retpoline-l1-terminal-fault-l1tf/5739) === hardening by default in Hardened Debian version 2 === * hardened browser (https://www.whonix.org/wiki/Tor_Browser_without_Tor Tor Browser without Tor) === hardening by default in Hardened Debian version 3 === * better kernel version (https://forums.whonix.org/t/kernel-versions-and-security/5791) === usability by default === * https://github.com/Whonix/shared-folder-help 2 * https://github.com/Whonix/usability-misc 2 === desktop environment === - initially will be available most likely for: * CLI only (console only, no desktop environment) * KDE - Later on likely for: * XFCE === vision === * computer security community is larger than computer anonymity community - we can work on a shared interest that is security * we apply as many security settings by default * we apply as much as default from * Hardened Debian will be the base for Whonix - Anonymous Operating System (https://www.whonix.org/wiki/System_Hardening_Checklist Whonix is applying most of above already anyhow) === development status of version 1 === * approximately 50% done * meta package "hardened-debian-kde" and "hardened-debian-cli" exist - https://github.com/Whonix/anon-meta-packages/blob/master/debian/control * most packages working (since reused from Whonix) * build script ready (--flavor hardened-debian-kde / --hardened-debian-cli) * builds successfully === temporary homepage === * https://www.whonix.org/wiki/Hardened_Debian === Questions === * Are you interested in Hardened Debian? What do you think? What would you like to see? Any suggestions? _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists