Project:Hardened
| Has Name::Hardened | |
|---|---|
| Description | Has Description::Hardened Gentoo is a project which oversees the research, implementation, and maintenance of security oriented projects for Gentoo Linux. |
| Project email | Has Contact::hardened@gentoo.org |
| IRC channel | #gentoo-hardened |
| Lead(s) | SMW::off
Last elected: Has Lead Election Date::2019/04/22 |
| Member(s) | SMW::off
|
| Subproject(s) (and inherited member(s)) |
SMW::offSMW::on |
| Parent Project | Gentoo |
| Project listing | |
Goals
Hardened Gentoo's purpose is to make Gentoo viable for highly secure, high stability production server environments. This project is not a standalone project separated from the rest of Gentoo. Instead, it is intended to be a team of Gentoo developers who are focused on delivering solutions to Gentoo that provide strong security and stability. These solutions will be available in Gentoo once they've been tested for security and stability by the Hardened team.
Contributors and Hall of Fame
The following people are or have been actively contributing to the project.
| Contributor | Nickname | Role | Still active? |
|---|---|---|---|
| Chris Richards | gizmo | Policy development, support (SELinux) | No |
| Chris PeBenito | pebenito | Previous SELinux project lead, policy development and SELinux support | No |
| Sven Vermeulen | SwifT | Previous SELinux project lead, policy development and SELinux support | No |
Resources
The Gentoo Hardened project offers many resources:
Grsecurity and PaX is no longer officially supported!
| Concepts | Description |
|---|---|
| Introduction to Hardened Gentoo | Overview of the various technologies researched and supported through the Gentoo Hardened project |
| Introduction to PIC | Introduction to Position Independent Code |
| User Guides | |
| Hardened Gentoo Frequently Asked Questions | Frequently Asked Questions for the Gentoo Hardened project |
| Expert documentation | |
| Hardened Debugging | Debugging applications build with PIC/PIE |
| Hardened Toolchain | Technical description of the Hardened Toolchain |
| GNU Stack Quickstart | Introduction to GNU stack handling |
| TEXTRELs Guide | How to find and fix text relocations |
| Not longer supported | |
| PaX Quickstart Guide | How to use PaX |
| PaX Flag migration from PT_PAX to XATTR_PAX | How to migrate the ELF based PaX flags to the extended attribute based flags |
| Grsecurity2 Quickstart Guide | What are the grsecurity features and how to enable them on a Gentoo Linux system |
| Grsecurity TPE Guide | Grsecurity Trusted Path Execution guide |
| Reference material | |
| PaX Utilities | Overview of the PaX utilities |
| Capabilities Listing | List of POSIX capabilities |
| PIC Internals | Position Independent Code Internals |
Don't forget to take a look at the resources of the subprojects too:
Participation
To participate in the Hardened Gentoo project first join the mailing list at gentoo-hardened@lists.gentoo.org. Next, ask if there are plans to support something that you are interested in, propose a new subproject that you are interested in, choose one of the planned subprojects to work on or simply ask if you can help with something. You can also talk to the developers and users in the IRC channel #gentoo-hardened on Freenode for more information, or just to chat about the project or any subprojects.
If you think you don't have the knowledge or abilities to help, then try reading the current documents (there are always sections that can be improved or typos which we miss) and when you feel brave enough then try writing those documents you missed. Usually this only requires some internet research on your side and after some documents you'll most probably be able to help with other things you thought you weren't able to help with before.
Also, if you don't have time to actively help by contributing work we will always need testers to maintain the security and stability of the overall product. All development, testing, and productive comments and feedback will be greatly appreciated.