[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] hardened *nix for Lenovo X60



I would recommend patching Debian maybe include AppArmor/SELinux/one other
tool can't remember the name but starts with a "Ba..."
On Aug 26, 2013 12:54 PM, "kendrick eastes" <keastes@xxxxxxxxx> wrote:

> On Mon, Aug 26, 2013 at 9:09 AM, Eugen Leitl <eugen@xxxxxxxxx> wrote:
>
> >
> > I've managed to lay my hands onb a couple of Lenovo X60's that are
> > in pretty good shape and would like to use them as a moderately secure
> > communication/development system. (I'm not trusting my desktops,
> > servers or mobile devices for obvious reasons). I'm loath to modify
> > the hardware at this point, so I expect to only flash coreboot
> > upon it.
> >
> > What kind of security-minded Linux or *BSD would you guys
> > recommend? Liberte looks a bit too stable (cough, sorry ÐÐÐÑÐÐ)),
> > Kali is more for security h4x0rs. Anything else what is well-maintained
> > yet borderline secure from *untargeted* TLA-level scrutiny?
> >
>
> as a general rule (older and more experienced minds can and probably will
> disagree with me) any consistently updated *nix based OS (and by extension
> *BSD) are safe against untargeted scrutiny. From what we know the various
> TLAs have network taps, and so internet communication is where you are
> vulnerable. changing network habits (to impede statistical analysis), and
> using tor and a handful of other tools (tor, especially as a relay, and OTR
> messaging come to mind first) you can minimize what the TLAs can gather on
> you, but not stop it entirely. on the other hand a sudden spike of
> encrypted traffic may make you more interesting from their point of view.
>
> >
> > I'm okay with text-mostly distros, or minimalistic window
> > managers. It shouldn't be a kitchensink of stuff I don't need,
> > but on the other hand it's shouldn't be so secure it's
> > unusable, either.
> >
>
> if you feel paranoid enough and have enough time to learn it you might
> think about Gentoo Linux, only source is distributed, so all packages are
> compiled in stiu, and are (theoretically) free of malware.
>
> >
> > Pointers to any HOWTOs or SOPs highly welcome. Tanks & machine guns.
> > --
> > tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
> > To unsusbscribe or change other settings go to
> > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
> >
> --
> tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
> To unsusbscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsusbscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk