Hardened Lunar-Linux
About this Project
Since I use Lunar Linux on some production servers (in a hosting company), I'm interested in securing Linux, especially Lunar Linux. This project will give you the following things:
* A more secure system
* A stable system
* A good working environment
We're providing many patches to applications. These patches include bugfixes, security enhancements and other related things. The system itself will probably lose a few things, too. For example, it will not be as user-friendly as the original Lunar Linux. That's why I think we shouldn't add these patches and enhancements to the normal moonbase.
This project won't give you the following things:
* A 100% secured system
* A racing-gaming-1337-system
Please keep in mind: we, and especially I, can't give you any warranty that these enhancements will keep your system really secure. For a really secure system you need a system administrator and some more things. Feel free to contact me if you need one ;-)
News / Progress
* Still experimental
* 14th/15th March 2007 - Added some patches for other applications. Working on net-tools at the moment: I want to combine some patches I found with the lunar-fixes patch. So far everything is working really well. I'll try it on a second system in the next few days.
* 13th March 2007 - Compiled everything as described in this document. Everything seems to be working. Now rebuilding the entire system.
ToDo / Needed
* I need some people to test these enhancements.
* I need some people to help me stay up to date on security information (needed patches, known vulnerabilities, etc.).
* I need some people to help with writing, managing and searching for patches.
* I need a bash script that does the installation of the hardened Lunar automatically. At the moment it's a bit annoying and a lot of work for the end user.
* I have some patches that are not working. They have to be corrected.
What modules are we using?
We're using the same modules as the original Lunar Linux. Sometimes we use newer modules such as gcc 4.1.2 and glibc 2.5, because I personally think most problems with these newer modules are corrected by the patches we use. Compiled and worked really well on 4 systems.
It could be that Hardened Lunar Linux will have some older modules than the original Lunar Linux. That's a matter of time: we have to rewrite patches, search for new patches, look for vulnerabilities, and so on. Hardened Lunar Linux should offer a 'stable' and 'secure' system, not an extremely up-to-date distribution.
How about patches, where are they from?
We take patches from the LFS and HLFS download sites. Perhaps we'll use patches from other distributions, too. It depends on the patch; as long as we give credit, this shouldn't be a problem. But at least we'll write our own patches, too.
Do I need GRSecurity or a special kernel?
That's a good question. The simple answer is:
No! You don't.
The long answer is:
It depends on what you want. It could be that a grsecurity kernel is exactly what you want. It could make your whole system more secure than anything else. But it could make your system unstable, too. If you want to use PaX, ACLs and similar things, you will need at least a recompile of your kernel. But as I explained above: we're patching applications. These patches are bugfixes and security enhancements, possibly features and "now-i-work-better-with-grsec" things.
You are free to use what you want.
Looks interesting, where do I begin?
Here. Well, really here. You should make some coffee/tea. At the moment, it's a long way. I hope I will be able to write a little Bash script for an automatic installation. Work through the following topics:
Installation
1.) Hardened_Lunar-Linux Required files
2.) Hardened_Lunar-Linux The 3 Steps Installation
3.) Hardened_Lunar-Linux Optional: Special Kernel
4.) Hardened_Lunar-Linux Recommended: Testing everything
Configuration
still working on it .. ;)
Overview (For Developers or Interested Users)
1.) Hardened_Lunar-Linux Patches and their Descriptions
2.) Hardened_Lunar-Linux Changes Configure Scripts and Why