Hardened Gentoo
1. Project Description
Hardened Gentoo is a project which oversees the research, implementation, and
maintenance of security-oriented projects for Gentoo Linux. We are a team of
very competent individuals dedicated to bringing advanced security to Gentoo
through a number of subprojects.
2. Project Goals
Hardened Gentoo's purpose is to make Gentoo viable for highly secure,
high-stability production server environments. This project is not a standalone
project separated from the rest of Gentoo. Instead, it is intended to be a team
of Gentoo developers who are focused on delivering solutions to Gentoo that
provide strong security and stability. These solutions will be available in
Gentoo once they've been tested for security and stability by the Hardened team.
3. Developers
Developer | Nickname | Role
Tony Vroon | chainsaw | Member (Hardened sources)
Sven Vermeulen | swift | Member (SELinux)
Anthony G. Basile | blueness | Member (PaX/Grsecurity, Hardened sources)
Gordon Malm | gengor | Member (PaX/Grsecurity, Hardened sources)
Francisco Blas Izquierdo Riera | klondike | Member (Doc, PR)
Daniel Kuehn | lejonet | Member (Hardened sources)
Gysbert Wassenaar | nixnut | Member (PPC arch team liaison)
Chris PeBenito | pebenito | Member (SELinux)
Matt Thode | prometheanfire | Member (SELinux)
Matthew Summers | quantumsummers | Member (Hardened sources, Doc)
Magnus Granberg | zorry | Project Lead (Hardened Toolchain, Doc)
All developers can be reached by e-mail using nickname@gentoo.org.
4. Contributors
The following people, although not developers, are actively contributing to the
project:
Contributor | Nickname | Role
Chris Richards | gizmo | Policy development, support (SELinux)
5. Subprojects
The hardened project has the following subprojects:
Project | Lead | Description
SELinux | Sven Vermeulen | SELinux is a system of mandatory access controls. SELinux can enforce the security policy over all processes and objects in the system.
RSBAC | Anthony G. Basile | RSBAC is a Mandatory Access Control security system based on the GFAC framework logic. It includes standard models such as Role Compatibility, Access Control Lists and Mandatory Access Control. RSBAC enforces access control rules on your operating system.
PaX/Grsecurity | Anthony G. Basile | Grsecurity is a complete security solution providing such features as a MAC or RBAC system, chroot restrictions, address space modification protection (via PaX), auditing features, randomization features, linking restrictions to prevent file race conditions, IPC protections and much more.
Hardened Toolchain | Magnus Granberg | Transparent implementation of PaX address space layout randomizations and stack smashing protections using ELF shared objects as executables.
Hardened Kernel Sources | Anthony G. Basile | A kernel which provides patches for hardened subprojects, and stability/security-oriented patches. Includes Grsecurity and SELinux.
6. Resources
Resources offered by the hardened project are:
7. Herds
The hardened project maintains the following herds:
Herd | Members | Description
hardened | blueness, chainsaw, gengor, klondike, lejonet, nixnut, pebenito, prometheanfire, solar, swift, zorry | Hardened Gentoo project packages and policy
selinux | blueness, pebenito, prometheanfire, swift | Gentoo's Security-Enhanced Linux (SELinux) packages
8. I Want to Participate
To participate in the Hardened Gentoo project, first join the mailing list at
gentoo-hardened@lists.gentoo.org. Next, ask if there are plans to
support something that you are interested in, propose a new subproject that you
are interested in, choose one of the planned subprojects to work on, or simply
ask if you can help with something. You can also talk to the developers and
users in the IRC channel #gentoo-hardened on irc.freenode.net for
more information or just to chat about the project or any subprojects.
If you think you don't have the knowledge or abilities to help, then try reading
the current documents (there are always sections that can be improved or typos
which we miss), and when you feel brave enough, try writing the documents
you found missing. Usually this only requires some internet research on your
side, and after some documents you'll most probably be able to help with other
things you thought you weren't able to help with before.
Also, if you don't have time to actively help by contributing work, we will
always need testers to maintain the security and stability of the overall
product. All development, testing, and productive comments and feedback will be
greatly appreciated.