Friday, March 18, 2005

Hardened Ubuntu officially Hardened Ubuntu

Nobody had a laptop or projector at BaltoLUG this Tuesday, so I didn't manage to give my presentation there. Next month I will try again, April 19, guys. :) I also might pick up The Art of Intrusion and The Art of Deception, just nice books to have (even though I hate reading).

You may have noticed I've been fairly obsessed with Ubuntu Linux. I was a Hardened Gentoo user originally, learning all the internals of the hardening effort and seeing that the project was good. Hardened Gentoo is still a very nice project, and a very usable product, run by a competent team.

Later I moved on to Ubuntu Linux and discussed hardening with them, with favorable results. A little communication with the Hardened Debian project brought these two together, and collaboration has been happening with them since. Once these two met, I just sat back and watched, gently nudging and throwing my input in, but for the most part I'm all talk and no action.

But action happens anyway. Martin Pitt soon released security-hardened kernels for Ubuntu, using GrSecurity. Discussing this move with him, I found that he considers PaX to be easily deployed and maintained. As Martin is a major player in Ubuntu's security team, it is likely that Ubuntu will soon support PaX and GrSecurity.

Martin's hardened kernels missed Hoary (5.04), and luckily so, as Hoary supports Linux 2.6.10. PaX has a serious bug before 2.6.11, because of which Martin dumped his hardened kernel repositories to prevent users from installing an exploitable kernel. It's too close to release time for Ubuntu developers to be generating and maintaining experimental, unsupported packages, especially kernels; we'll likely see some 2.6.11 hardened kernels after Hoary's release.

And of course, recently Hardened Ubuntu was started, a fork of Hardened Debian. The Hardened Debian team, working with the Ubuntu Linux team, is now officially targeting Ubuntu as a primary development platform. The Hardened Debian lead is projecting that the 5.11 release of Ubuntu this September will definitely be fully hardened, although this is still unofficial.

No planning has been done for Hoary+1's official goals, so the hardened effort could potentially become the primary driving force for the next release of Ubuntu. Of course, everyone is invited to come join the technical board meetings to push for this. As I said, no official statements have been made; you could make a difference. :)

Recently I looked at Bastille and found much of it to be really nice. In order to support the security hardening efforts, I've recommended the creation of an Ubuntu Linux Security Center to control many of the things Bastille offers in a better interface, as well as PaX, GrSecurity, and Stack Smash Protection. I of course think this is a great idea; and I know the Ubuntu developers could create a really great UI for it.

So there you have it. Nothing official yet, but look forward to the September 2005 release, 5.11 Ubuntu Linux. The wheels are in motion; and if nothing jams them, we should see a fresh, user-friendly desktop Linux fortress distribution. This will be a major step forward; the efforts of projects such as Adamantix and Hardened Gentoo will finally come to fruition as the Hardened Debian team carries their work into the mainstream, user-targeted distributions. It will be beautiful.


