Hardened Gentoo
Hardened Gentoo is a project of Gentoo Linux that enhances the distribution with security add-ons. Current security enhancements to Gentoo Linux include:
* SELinux
** A system of mandatory access controls. SELinux can enforce the security policy over all processes and objects in the system, and is an optional feature in all 2.6 kernel source packages.
* RSBAC
** A mandatory access control security system based on the Generalized Framework for Access Control (GFAC). It provides several standard and custom (and mixable) access control models. It can enforce operating system access rules.
* PaX / grsecurity
** grsecurity is a complete security solution providing such features as a MAC or RBAC system, chroot restrictions, address space modification protection (via PaX), auditing features, randomization features, linking restrictions to prevent file race conditions, IPC protections and much more.
* Hardened Toolchain
** Transparent implementation of PaX address space layout randomizations and stack smashing protections using ELF shared objects as executables.
* sys-kernel/hardened-sources
** A kernel source package which includes patches for hardened subprojects, and stability/security-oriented patches, including grsecurity.
* Bastille Linux
** Bastille Linux is an interactive application which gives the user suggestions on securing their machine. It will be customized to make suggestions about other Hardened Gentoo subprojects.

The Mandatory Access Control (MAC) parts of SELinux, RSBAC and grsecurity are usually incompatible with each other. However, the chroot and network restrictions of grsecurity and the memory protection of PaX can be used with the SELinux MAC model, for example.
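
The Hardened Toolchain entry above describes executables built as ELF shared objects with stack smashing protection. The following added example (not from the original article or from Hardened Gentoo's own code) reads those properties from an ELF image; it goes slightly beyond the entry by also reporting the `PT_GNU_STACK` executable-stack flag, and the function names and the sample images are constructed for illustration.

```python
import struct

ET_EXEC, ET_DYN = 2, 3                    # e_type values from the ELF specification
PT_GNU_STACK, PF_X = 0x6474E551, 0x1      # GNU stack marker segment, execute flag

def elf_hardening(data: bytes) -> dict:
    """Report hardening properties readable from an ELF image's headers."""
    if len(data) < 64 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    is64 = data[4] == 2                    # EI_CLASS: 1 = 32-bit, 2 = 64-bit
    end = "<" if data[5] == 1 else ">"     # EI_DATA: 1 = little-endian
    e_type = struct.unpack_from(end + "H", data, 16)[0]
    if is64:
        e_phoff = struct.unpack_from(end + "Q", data, 32)[0]
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 54)
        flags_at = 4                       # p_flags follows p_type in Elf64_Phdr
    else:
        e_phoff = struct.unpack_from(end + "I", data, 28)[0]
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 42)
        flags_at = 24                      # p_flags is the 7th word in Elf32_Phdr
    exec_stack = None                      # None means no PT_GNU_STACK header
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        if off + flags_at + 4 > len(data):
            raise ValueError("truncated program header table")
        if struct.unpack_from(end + "I", data, off)[0] == PT_GNU_STACK:
            flags = struct.unpack_from(end + "I", data, off + flags_at)[0]
            exec_stack = bool(flags & PF_X)
    return {
        "et_dyn": e_type == ET_DYN,        # shared-object type, as PIE binaries use
        "exec_stack": exec_stack,
        # Heuristic: SSP-built code references this symbol by name.
        "ssp_symbol": b"__stack_chk_fail" in data,
    }

def make_sample(e_type: int, stack_flags: int, extra: bytes = b"") -> bytes:
    """Constructed ELF64 little-endian image: file header plus one PT_GNU_STACK."""
    ehdr = b"\x7fELF\x02\x01\x01" + b"\x00" * 9
    ehdr += struct.pack("<HHIQQQIHHHHHH",
                        e_type, 62, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", PT_GNU_STACK, stack_flags, 0, 0, 0, 0, 0, 16)
    return ehdr + phdr + extra

HARDENED = make_sample(ET_DYN, 6, b"\x00__stack_chk_fail\x00")   # PF_R|PF_W stack
LEGACY = make_sample(ET_EXEC, 7)                                   # PF_R|PF_W|PF_X
```

Ordinary shared libraries are also `ET_DYN`, so `et_dyn` is meaningful only for files intended to be run as programs.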
See also
* Comparison of Linux distributions
External links
* [http://hardened.gentoo.org Hardened Gentoo homepage]
Wikimedia Foundation. 2010.