[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-talk] Hardened Debian Security Focused Distribution - Feedback Wanted!

=== scope ===

* will be initially released for VMs (VirtualBox, Qubes, maybe KVM)
* “sudo apt-get install hardened-debian-cli” will be possible on bare
metal Debian hosts, in other words installations of Debian can be easily
converted into Hardened Debian by installing the hardened-debian-cli or
other hardened debian package
* maybe later available as ISO for installation on hardware depending on
community interest and support

=== hardening by default in Hardened Debian version 1 ===

* install haveged by default for better entropy
* sdwdate (https://github.com/Whonix/sdwdate) rather than insecure NTP
* security-misc (https://github.com/Whonix/security-misc) - (deactivates
previews in Dolphin; deactivates previews
in Nautilus; deactivates TCP timestamps; deactivates Netfilter’s
connection tracking helper;)
* open-link-confirmation
* enable apparmor by default
* available apparmor profiles
* hopefully spectre / meltdown resistant by default

=== hardening by default in Hardened Debian version 2 ===

* hardened browser (https://www.whonix.org/wiki/Tor_Browser_without_Tor
Tor Browser without Tor)

=== hardening by default in Hardened Debian version 3 ===

* better kernel version

=== usability by default ===

* https://github.com/Whonix/shared-folder-help 2
* https://github.com/Whonix/usability-misc 2

=== desktop environment ===

- initially will be available most likely for:

* CLI only (console only, no desktop environment)

- Later on likely for:


=== vision ===

* computer security community is larger than computer anonymity
community - we can work on a shared interest that is security
* we apply as many security settings by default
* we apply as much as default from
* Hardened Debian will be the base for Whonix - Anonymous Operating
System (https://www.whonix.org/wiki/System_Hardening_Checklist Whonix is
applying most of above already anyhow)

=== development status of version 1 ===

* approximately 50% done
* meta package "hardened-debian-kde" and "hardened-debian-cli" exist -
* most packages working (since reused from Whonix)
* build script ready (--flavor hardened-debian-kde / --hardened-debian-cli)
* builds successfully

=== temporary homepage ===
* https://www.whonix.org/wiki/Hardened_Debian

=== Questions ===

* Are you interested in Hardened Debian? What do you think? What would
you like to see? Any suggestions?
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to