[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-talk] Hardened Debian Security Focused Distribution - Feedback Wanted!



=== scope ===

* will be initially released for VMs (VirtualBox, Qubes, maybe KVM)
* “sudo apt-get install hardened-debian-cli” will be possible on bare
metal Debian hosts, in other words installations of Debian can be easily
converted into Hardened Debian by installing the hardened-debian-cli or
other hardened debian package
* maybe later available as ISO for installation on hardware depending on
community interest and support

=== hardening by default in Hardened Debian version 1 ===

* install haveged by default for better entropy
* sdwdate (https://github.com/Whonix/sdwdate) rather than insecure NTP
(https://www.whonix.org/wiki/Dev/TimeSync)
* security-misc (https://github.com/Whonix/security-misc) - (deactivates
previews in Dolphin; deactivates previews
in Nautilus; deactivates TCP timestamps; deactivates Netfilter’s
connection tracking helper;)
* open-link-confirmation
* enable apparmor by default
* available apparmor profiles
(https://github.com/Whonix?utf8=%E2%9C%93&q=apparmor-profile&type=&language=)
* hopefully spectre / meltdown resistant by default
(https://forums.whonix.org/t/whonix-vulerable-due-to-missing-processor-microcode-packages-spectre-meltdown-retpoline-l1-terminal-fault-l1tf/5739)

=== hardening by default in Hardened Debian version 2 ===

* hardened browser (https://www.whonix.org/wiki/Tor_Browser_without_Tor
Tor Browser without Tor)

=== hardening by default in Hardened Debian version 3 ===

* better kernel version
(https://forums.whonix.org/t/kernel-versions-and-security/5791)

=== usability by default ===

* https://github.com/Whonix/shared-folder-help 2
* https://github.com/Whonix/usability-misc 2

=== desktop environment ===

- initially will be available most likely for:

* CLI only (console only, no desktop environment)
* KDE

- Later on likely for:

* XFCE

=== vision ===

* computer security community is larger than computer anonymity
community - we can work on a shared interest that is security
* we apply as many security settings by default
* we apply as much as default from
* Hardened Debian will be the base for Whonix - Anonymous Operating
System (https://www.whonix.org/wiki/System_Hardening_Checklist Whonix is
applying most of above already anyhow)

=== development status of version 1 ===

* approximately 50% done
* meta package "hardened-debian-kde" and "hardened-debian-cli" exist -
https://github.com/Whonix/anon-meta-packages/blob/master/debian/control
* most packages working (since reused from Whonix)
* build script ready (--flavor hardened-debian-kde / --hardened-debian-cli)
* builds successfully

=== temporary homepage ===
* https://www.whonix.org/wiki/Hardened_Debian

=== Questions ===

* Are you interested in Hardened Debian? What do you think? What would
you like to see? Any suggestions?
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk