[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] Hardened Debian Security Focused Distribution - Feedback Wanted!
On 9/27/2018 9:10 AM, TNT BOM BOM wrote:
> === scope ===
> * will be initially released for VMs (VirtualBox, Qubes, maybe KVM)
> * “sudo apt-get install hardened-debian-cli” will be possible on bare
> metal Debian hosts, in other words installations of Debian can be easily
> converted into Hardened Debian by installing the hardened-debian-cli or
> other hardened debian package
> * maybe later available as ISO for installation on hardware depending on
> community interest and support
Being able to do a fresh install of something that involve
"security/anonimity" is clearly welcome.
I don't feel comfortable installing some "security" on top of something
> === hardening by default in Hardened Debian version 1 ===
> * install haveged by default for better entropy
> * sdwdate (https://github.com/Whonix/sdwdate) rather than insecure NTP
> * security-misc (https://github.com/Whonix/security-misc) - (deactivates
> previews in Dolphin; deactivates previews
> in Nautilus; deactivates TCP timestamps; deactivates Netfilter’s
> connection tracking helper;)
> * open-link-confirmation
> * enable apparmor by default
> * available apparmor profiles
> * hopefully spectre / meltdown resistant by default
> === hardening by default in Hardened Debian version 2 ===
> * hardened browser (https://www.whonix.org/wiki/Tor_Browser_without_Tor
> Tor Browser without Tor)
> === hardening by default in Hardened Debian version 3 ===
> * better kernel version
> === usability by default ===
> * https://github.com/Whonix/shared-folder-help 2
> * https://github.com/Whonix/usability-misc 2
> === desktop environment ===
> - initially will be available most likely for:
> * CLI only (console only, no desktop environment)
Will links2 be available?
> * KDE
> - Later on likely for:
> * XFCE
> === vision ===
> * computer security community is larger than computer anonymity
> community - we can work on a shared interest that is security
> * we apply as many security settings by default
> * we apply as much as default from
> * Hardened Debian will be the base for Whonix - Anonymous Operating
> System (https://www.whonix.org/wiki/System_Hardening_Checklist Whonix is
> applying most of above already anyhow)
> === development status of version 1 ===
> * approximately 50% done
> * meta package "hardened-debian-kde" and "hardened-debian-cli" exist -
> * most packages working (since reused from Whonix)
> * build script ready (--flavor hardened-debian-kde / --hardened-debian-cli)
> * builds successfully
> === temporary homepage ===
> * https://www.whonix.org/wiki/Hardened_Debian
> === Questions ===
> * Are you interested in Hardened Debian? What do you think? What would
> you like to see? Any suggestions?
Firewall capability would be nice.
Remote access to Hardent Debian.
Fully installable/usable using CLI.
Note that my comments are based on my understanding of Hardent Debian
which I understand to be a Debian distribution with security in mind.
P.S. My SMTP provider restrict the number of recipients I can send to.
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to