Hardened Gentoo

1. Project Description

Hardened Gentoo is a project which oversees the research, implementation, and maintenance of security oriented projects for Gentoo Linux. We are a team of very competent individuals dedicated to bring advanced security to Gentoo with a number of subprojects.

2. Project Goals

Hardened Gentoo's purpose is to make Gentoo viable for highly secure, high stability production server environments. This project is not a standalone project separated from the rest of Gentoo. Instead, it is intended to be a team of Gentoo developers who are focused on delivering solutions to Gentoo that provide strong security and stability. These solutions will be available in Gentoo once they've been tested for security and stability by the Hardened team.

3. Developers

Developer	Nickname	Role
Tony Vroon	chainsaw	Member ( Hardened sources )
Sven Vermeulen	swift	Member ( SELinux )
Anthony G. Basile	blueness	Member ( PaX/Grsecurity, Hardened sources )
Gordon Malm	gengor	Member ( PaX/Grsecurity, Hardened sources )
Francisco Blas Izquierdo Riera	klondike	Member ( Doc, PR )
Daniel Kuehn	lejonet	Member ( Hardened sources )
Gysbert Wassenaar	nixnut	Member ( PPC arch team liaison )
Chris PeBenito	pebenito	Member ( SELinux )
Matt Thode	prometheanfire	Member ( SELinux )
Matthew Summers	quantumsummers	Member ( Hardened sources, Doc )
Magnus Granberg	zorry	Project Lead ( Hardened Toolchain, Doc )

All developers can be reached by e-mail using nickname@gentoo.org.

4. Contributors

The following people although non-developer are actively contributing to the project:

Contributor	Nickname	Role
Chris Richards	gizmo	Policy development, support (SELinux)

5. Subprojects

The hardened project has the following subprojects:

Project	Lead	Description
SELinux	Sven Vermeulen	SELinux is a system of mandatory access controls. SELinux can enforce the security policy over all processes and objects in the system.
RSBAC	Anthony G. Basile	RSBAC is Mandatory Access Control security system based on the GFAC framework logic. It includes standard models, like the Role Compatibility, Access Control Lists and Mandatory Access Control. RSBAC enforces access control rules on your operating system.
PaX/Grsecurity	Anthony G. Basile	Grsecurity is a complete security solution providing such features as a MAC or RBAC system, chroot restrictions, address space modification protection (via PaX), auditing features, randomization features, linking restrictions to prevent file race conditions, ipc protections and much more.
Hardened Toolchain	Magnus Granberg	Transparent implementation of PaX address space layout randomizations and stack smashing protections using ELF shared objects as executables.
Hardened Kernel Sources	Anthony G. Basile	A kernel which provides patches for hardened subprojects, and stability/security oriented patches. Includes Grsecurity and SELinux.

6. Resources

Resources offered by the hardened project are:

Introduction to Hardened Gentoo
Hardened Frequently Asked Questions
Hardened Roadmap
Hardened Debugging
Using Xorg with Hardened
Hardened Toolchain Technical Description
A quickstart covering PaX and Hardened Gentoo
PaX Utils
Grsecurity2 QuickStart Guide
Grsecurity TPE Guide
Capabilities Listing
PIC Intro (beginner)
PIC Internals (intermediate)
PIC Fixing (advanced)
GNU Stack Quickstart
SELinux subproject resources
Rule Set Based Access Control subproject resources
- RSBAC Overview
- RSBAC Quickstart

7. Herds

The hardened project maintains the following herds:

Herd	Members	Description
hardened	blueness, chainsaw, gengor, klondike, lejonet, nixnut, pebenito, prometheanfire, solar, swift, zorry	Hardened Gentoo project packages and policy
selinux	blueness, pebenito, prometheanfire, swift	Gentoo's Security-Enhanced Linux (SELinux) packages

8. I Want to Participate

To participate in the Hardened Gentoo project first join the mailing list at gentoo-hardened@lists.gentoo.org. Next, ask if there are plans to support something that you are interested in, propose a new subproject that you are interested in, choose one of the planned subprojects to work on or simply ask if you can help with something. You can also talk to the developers and users in the IRC channel #gentoo-hardened on irc.freenode.net for more information or just to chat about the project or any subprojects.

If you think you don't have the knowledge or abilities to help, then try reading the current documents (there are always sections that can be improved or typos which we miss) and when you feel brave enough then try writing those documents you missed. Usually this only requires some internet research on your side and after some documents you'll most probably be able to help with other things you thought you weren't able to help with before.

Also, if you don't have time to actively help by contributing work we will always need testers to maintain the security and stability of the overall product. All development, testing, and productive comments and feedback will be greatly appreciated.

Page updated August 12, 2011

Summary: Hardened Gentoo brings advanced security measures to Gentoo Linux.

Gentoo Project
script generated

Donate to support our development efforts.