Hardened Gentoo
1.
Project Description
Hardened Gentoo is a project which oversees the research, implementation, and
maintenance of security oriented projects for Gentoo Linux. We are a team of
very competent individuals dedicated to bringing advanced security to Gentoo
with a number of subprojects.
2.
Project Goals
Hardened Gentoo's purpose is to make Gentoo viable for high security, high
stability production server environments. This project is not a standalone
project separated from the rest of Gentoo. Instead, it is intended to be a team
of Gentoo developers which are focused on delivering solutions to Gentoo that
provide strong security and stability. These solutions will be available in
Gentoo once they've been tested for security and stability by the Hardened team.
3.
Developers
Developer |
Nickname |
Role |
Tony Vroon |
chainsaw |
Member ( Hardened sources ) |
Bryan Stine |
battousai |
Member ( Bastille Lead ) |
Anthony G. Basile |
blueness |
Member ( PaX/Grsecurity, Hardened sources ) |
Gordon Malm |
gengor |
Member ( PaX/Grsecurity, Hardened sources ) |
Gysbert Wassenaar |
nixnut |
Member ( PPC arch team liaison ) |
Matthew Summers |
quantumsummers |
Member ( Hardened sources, Doc ) |
Magnus Granberg |
zorry |
Project Lead ( Hardened Toolchain, Doc ) |
Members from subproject
SELinux |
|
|
Anthony G. Basile |
blueness |
Developer ( Policy development, Proxy (non developer contributors) ) |
Chris PeBenito |
pebenito |
Developer ( Policy development, Userspace tools ) |
Matt Thode |
prometheanfire |
Developer ( Policy development, Support ) |
Sven Vermeulen |
swift |
Lead ( Documentation, Userspace tools, Policy development ) |
All developers can be reached by e-mail using nickname@gentoo.org.
4.
Subprojects
The hardened
project has the following subprojects:
Project |
Lead |
Description |
SELinux
|
Sven Vermeulen |
SELinux is a system of mandatory access controls. SELinux can enforce the security policy over all processes and objects in the system. |
PaX/Grsecurity |
Anthony G. Basile |
Grsecurity is a complete security solution providing such features as a MAC or
RBAC system, Chroot restrictions, address space modification protection (via
PaX), auditing features, randomization features, linking restrictions to prevent
file race conditions, ipc protections and much more.
|
Hardened Toolchain |
Magnus Granberg |
Transparent implementation of
PaX address space
layout randomizations and stack smashing protections using ELF shared objects as
executables.
|
Hardened-Sources |
Anthony G. Basile |
A kernel which provides patches for hardened subprojects, and stability/security
oriented patches. Includes Grsecurity and SELinux.
|
Bastille |
Bryan Stine |
Bastille is an interactive application which gives the user suggestions on
securing their machine. It will be customized to make suggestions about other
Hardened Gentoo subprojects.
|
5.
Resources
Resources offered by the
hardened
project are:
6.
Herds
The hardened
project maintains the following herds:
Herd |
Members |
Description |
hardened |
blueness, chainsaw, gengor, klondike, lejonet, nixnut, pebenito, prometheanfire, solar, swift, zorry |
Hardened Gentoo project packages and policy |
selinux |
blueness, pebenito, prometheanfire, swift |
Gentoo's Security-Enhanced Linux (SELinux) packages |
7.
I Want to Participate
To participate in the Hardened Gentoo project first join the mailing list at
gentoo-hardened@lists.gentoo.org. Then ask if there are plans to
support something that you are interested in, propose a new subproject that you
are interested in, choose one of the planned subprojects to work on or simply
ask if you can help with something. You can also talk to the developers and
users in the IRC channel #gentoo-hardened on irc.freenode.net for
more information or just to chat about the project or any subprojects.
If you think you don't have the knowledge or abilities to help, then try reading
the current documents (there are always sections that can be improved or typos
which we miss) and when you feel brave enough then try writing those documents
you missed. Usually this only requires some internet research on your side and
after some documents you'll most probably be able to help with other things you
though you weren't able before.
Also, if you don't have time to actively help by contributing work we will
always need testers to maintain the security and stability of the overall
product. All development, testing, and productive comments and feedback will be
greatly appreciated.
|
|
Page updated October 25, 2010 |
Summary: Hardened Gentoo brings advanced security measures to Gentoo Linux. |
Gentoo Project script generated
|
Donate to support our development efforts.
|
|
|