Friday, March 18, 2005

Hardened Ubuntu officially Hardened Ubuntu

Nobody had a laptop or projector at BaltoLUG this Tuesday, so I didn't manage to give my presentation there. Next month I will try again, April 19, guys. :) I also might pick up The Art of Intrusion and The Art of Deception, just nice books to have (even though I hate reading).

You may have noticed I've been fairly obsessed with Ubuntu Linux. I was a Hardened Gentoo user originally, learning all the internals of the hardening effort and seeing that the project was good. Hardened Gentoo is still a very nice project, and a very usable product, run by a competent team.

Later I moved on to Ubuntu Linux and discussed hardening with them, with favorable results. A little communication with the Hardened Debian project brought these two together, and collaboration has been happening with them since. Once these two met, I just sat back and watched, gently nudging and throwing my input in, but for the most part I'm all talk and no action.

But action happens anyway. Martin Pitt soon released security-hardened kernels for Ubuntu, using GrSecurity. Discussing this move with him, I found that he considers PaX to be easily deployed and maintained. As Martin is a major player in Ubuntu's security team, it is likely that Ubuntu will soon support PaX and GrSecurity.

Martin's hardened kernels missed Hoary (5.04), and luckily so, as Hoary supports Linux 2.6.10. PaX has a serious bug before 2.6.11, which is why Martin dumped his hardened kernel repositories: to prevent users from installing an exploitable kernel. It's too close to release time for Ubuntu developers to be generating and maintaining experimental, unsupported packages, especially kernels; we'll likely see some 2.6.11 hardened kernels after Hoary's release.

And of course, Hardened Ubuntu was recently started as a fork of Hardened Debian. The Hardened Debian team, working with the Ubuntu Linux team, is now officially targeting Ubuntu as a primary development platform. The Hardened Debian lead is projecting that the 5.11 release of Ubuntu this September will definitely be fully hardened, although this is still unofficial.

No planning has been done for Hoary+1's official goals, so the hardened effort could potentially become the primary driving force for the next release of Ubuntu. Of course, everyone is invited to come join the technical board meetings to push for this. As I said, no official statements have been made; you could make a difference. :)

Recently I looked at Bastille and found much of it to be really nice. In order to support the security hardening efforts, I've recommended the creation of an Ubuntu Linux Security Center to control many of the things Bastille offers in a better interface, as well as PaX, GrSecurity, and Stack Smash Protection. I of course think this is a great idea; and I know the Ubuntu developers could create a really great UI for it.

So there you have it. Nothing official yet, but look forward to the September 2005 release, 5.11 Ubuntu Linux. The wheels are in motion; and if nothing jams them, we should see a fresh, user-friendly desktop Linux fortress distribution. This will be a major step forward; the efforts of projects such as Adamantix and Hardened Gentoo will finally come to fruition as the Hardened Debian team carries their work into the mainstream, user-targeted distributions. It will be beautiful.

