[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Secure Linux Alternatives
Francisco Camargos wrote:
> We can start by listing the most used ways to exploit systems and the way
> to protect from these exploits.
That's a fine approach for studying the security problem, and it is the approach
that I took four years ago. I recommend it to those seeking to really understand
the practical security problem.
But it is not the charter of the securedistros mailing list. The charter of this
list is to discuss & compare existing secure Linux distributions, so that people
can learn from what each other have done.
While it may be true that the securedistros list has been very quiet lately, and
it certainly is true that it got found by spammers a week or two ago, it is most
definitely NOT the case that secure Linux distribution development is dead. Both
the Bastille and Immunix distributions are very active, both having released major
versions this quarter.
Instead of trying to start from ground zero and try to define what a wished-for
secure distro might contain, I think it might be more constructive to examine the
secure distros that exist, and learn from them. Here's the ones that I know about
(in alphabetical order, taken from the Linux Weekly News security section
http://lwn.net/bigpage.php3#security ):
* Bastille http://www.bastille-linux.org/ : a "tighten" script for Red Hat
Linux that changes all the defaults to a secure configuration, i.e. turn
everything off and then selectively re-enable only what you need.
* Immunix http://immunix.org/ (my company's product): hardens components with
a variety of technologies to provide "security bug tolerance", i.e. even
though there may be bugs discovered in Linux components, Immunix tools try to
ensure that those bugs will not be exploitable vulnerabilities.
* Khaos Linux http://www.kha0s.org/ : defunct? The web site no longer
responds.
* Nexus Linux http://Nexus-Project.net/ : I don't know much about this
project.
* Secure Linux http://www.reseau.nl/nl/securelinux/index.html : Defunct? The
web site no longer responds.
* Secure Linux (Flask) http://www.cs.utah.edu/flux/fluke/html/linux.html :
joint effort between the NSA and U.Utah researchers to integrate the Flask
http://www.cs.utah.edu/flux/fluke/html/flask.html security technology package
into Linux. Flask is based on the DTOS/Mach architecture that (IIRC) is
primarily based on capabilities.
* Trustix http://www.trustix.com/ : I'm not sure what it is about Trustix that
would cause one to trust it. Trustix seems to have had a lot of security
vulnerabilities announced lately :-)
http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-07-8&msg=00f801bfeb7a$598fd880$cb00030a@seifried.org
,
http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-06-8&msg=03d7lqvqhe.fsf@colargol.tihlde.hist.no
Crispin
--
Crispin Cowan, Chief Scientist, WireX Communications, Inc. http://wirex.com
Free Hardened Linux Distribution: http://immunix.org
-
Securedistros: A common list for all secured Linux distributions
Archive: http://humbolt.nl.linux.org/lists/