Hardened Lunar Linux
Jean Michel Bruenn
jean.bruenn at ip-minds.de
Thu Mar 8 19:32:31 CET 2007
Hello,
since my first tries with SELinux and Grsec Kernel i'm interesting in
securing a linux system. I was thinking about a hardened moonbase or
perhaps special module names. For example:
binutils-hd
coreutils-hd
xx-hd
etc.
Or simply a moonbase called hd-moonbase. I would like to know, what u
would think about this. I'm trying since a few days with zlocal modules
to make such a system using patches i found (for example at the HLFS
Project, and on other pages). I've rewritten some old patches, too.
I'm compiling atm the base things, like coreutils, binutils, glibc, gcc
etc. Everything seems compiling good.
Why do i ask for special modules or a second moonbase? Cause: Not everyone
wants to use those patches. Not everyone needs them. This patches and
so changed modules are especially useful for ppl who wants a secured
system. Thats why i don't want to just submit these patches to the modules
in the working moonbase everyone uses.
The work on this 'secured' system should go slowly, cause the main work
should be done at the normal lunar linux. And in the secured system we
could have many patches - So i would say updates would go much slowlier
in the secured system, than in the normal one.
Tell me your opinion - If it's interested i can send the modules so that
ppl can try it out.
Cheers
Jean
More information about the Lunar-dev
mailing list