LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices

Reply
 
Search this Thread
Old 02-19-2010, 11:14 AM   #1
Lufbery
Senior Member
 
Registered: Aug 2006
Location: Harrisburg, PA
Distribution: Slackware 64 14.0
Posts: 1,142
Blog Entries: 29

Rep: Reputation: 119Reputation: 119
Hardened Slackware?


Hi all,

I've been reading about Hardened Linux from Scratch, and that got me wondering what it would take to build Slackware with some (or all?) of the HLFS modifications.

Has anyone done something like that?

To broaden the question a bit, what do you all do to harden your Slackware installation? Do you use IPTables? Do you encrypt your hard drive? Please share.

Regards,
 
Old 02-19-2010, 11:25 AM   #2
Alexvader
Member
 
Registered: Oct 2009
Location: Japan
Distribution: Arch, Debian, Slackware
Posts: 994

Rep: Reputation: 94
Hi

I Encrypt hard drive...

Is there a way to create a customized implementation of LUKS/AES...?

Inclusion or other symmetric encryption protocols, ncreased number of rounds in AES cypher, extended keyword length/permutation tables, different key scheduling mechanism...?


I know the code is open, but I would like ro read on the details of implementation...

This would be a real Hardened Slackware... IMHO...

BRGDS

Alex
 
Old 02-19-2010, 12:31 PM   #3
GazL
Senior Member
 
Registered: May 2008
Posts: 3,502

Rep: Reputation: 1024Reputation: 1024Reputation: 1024Reputation: 1024Reputation: 1024Reputation: 1024Reputation: 1024Reputation: 1024
I do all the usual low-hanging-fruit stuff: iptables, encrypted partition, use of different users/groups for different tasks, ensure daemons that are only needed locally only listen on 127.0.0.1.

I've been meaning to try grSecurity for a while now but I've not got around to it yet. To be honest, I'm not sure it would gain me all that much the way I use my box. If I wanted to run a secured server I'd probably implement it on OpenBSD rather than linux anyway.
 
Old 02-19-2010, 02:23 PM   #4
gnashley
Amigo developer
 
Registered: Dec 2003
Location: Germany
Distribution: Slackware
Posts: 4,775

Rep: Reputation: 481Reputation: 481Reputation: 481Reputation: 481Reputation: 481
Here's a (perhaps) useful link:
http://transamrit.net/docs/sysHarden...ening-10.2.txt
 
1 members found this post helpful.
Old 02-23-2010, 03:47 PM   #5
Lufbery
Senior Member
 
Registered: Aug 2006
Location: Harrisburg, PA
Distribution: Slackware 64 14.0
Posts: 1,142
Blog Entries: 29

Original Poster
Rep: Reputation: 119Reputation: 119
Gilbert,

That link is useful, though terse. It is, as I understand it, a different approach from HLFS, which actually compiles the system differently to harden it.

I need to do more research. I suspect, though, that it is possible to recompile Slackware with the hardened bits, just like GrapefruitGirl recompiled Slackware for performance last year. I also suspect that it would be a lot of work!

Regards,
 
Old 02-26-2010, 12:43 PM   #6
Lufbery
Senior Member
 
Registered: Aug 2006
Location: Harrisburg, PA
Distribution: Slackware 64 14.0
Posts: 1,142
Blog Entries: 29

Original Poster
Rep: Reputation: 119Reputation: 119
In the quest to continue on this theme, I've found a good thread on encrypting one's hard drive here. This is most useful if one already has Slackware installed.
 
Old 02-26-2010, 01:07 PM   #7
GrapefruiTgirl
Guru
 
Registered: Dec 2006
Location: underground
Distribution: Slackware64
Posts: 7,594

Rep: Reputation: 550Reputation: 550Reputation: 550Reputation: 550Reputation: 550Reputation: 550
Hopefully not too off-topic for this thread, but I'd like to know from users who are using encrypted HDD for their Slackware install:

What is the performance/speed impact of an encrypted installation? Is the system noticeably slower/sluggish? How is boot-up time affected?
 
Old 02-26-2010, 01:18 PM   #8
Lufbery
Senior Member
 
Registered: Aug 2006
Location: Harrisburg, PA
Distribution: Slackware 64 14.0
Posts: 1,142
Blog Entries: 29

Original Poster
Rep: Reputation: 119Reputation: 119
That's not off-topic at all. I've been wondering the same thing.
 
Old 02-26-2010, 02:02 PM   #9
Rupa
Member
 
Registered: Apr 2008
Location: Berlin, Germany
Distribution: Slackware, Debian, NetBSD
Posts: 80

Rep: Reputation: 25
Quote:
Originally Posted by GrapefruiTgirl View Post
What is the performance/speed impact of an encrypted installation? Is the system noticeably slower/sluggish? How is boot-up time affected?
I'm using encryption for example on my Atom Netbook. First I encryptet the whole disk and installed everything in LVM (which is the only possibility to encrypt swap for suspend to disk). The system felt really slow. Then I reinstalled and encrypted only /home. Now it feels like slackware again.
 
1 members found this post helpful.
Old 02-26-2010, 02:49 PM   #10
titopoquito
Senior Member
 
Registered: Jul 2004
Location: Ruhr Area, Germany
Distribution: Slackware64 14.0
Posts: 1,525

Rep: Reputation: 94
Quote:
Originally Posted by GrapefruiTgirl View Post
What is the performance/speed impact of an encrypted installation? Is the system noticeably slower/sluggish? How is boot-up time affected?
In my perception the speed loss is not that huge. I have my systems encrypted but have some partitions still unencrypted. Since my system partitions are all encrypted I cannot compare to unencrypted boot time. My impression (not measured, only impression) is that it makes a noticable difference if you're acting on many or big files, but I do not notice it in everyday usage. The "smallest" machine I can say this for has a Intel Celeron M530, a SATA harddisk and 1GB of RAM.

My opinion may be biased though - I don't have a choice because I absolutely need the encryption and I had expected a real slow down, so I'm more than happy with the result.
 
1 members found this post helpful.
Old 02-27-2010, 01:13 AM   #11
T3slider
Senior Member
 
Registered: Jul 2007
Distribution: Slackware64-14.1
Posts: 2,297

Rep: Reputation: 722Reputation: 722Reputation: 722Reputation: 722Reputation: 722Reputation: 722Reputation: 722
I use an encrypted LVM for my whole system and have not noticed any slowdown at all. I play the occasional game and get reasonable framerates, and between my formerly unencrypted Slackware 12.1 install and my now-former encrypted Slackware 12.2 install I noticed no significant slowdown of the system. And of course my current encrypted Slackware64-13.0 installation seems fine as well.

Of course this is all anecdotal, but the encryption certainly has not made using my system any more frustrating at the very least. If you are concerned you can always just encrypt /home and leave the rest unencrypted -- any data that has any value shouldn't be stored in any other place in the running system IMO.
 
1 members found this post helpful.
Old 02-27-2010, 01:43 AM   #12
tuxdev
Senior Member
 
Registered: Jul 2005
Distribution: Slackware
Posts: 2,014

Rep: Reputation: 115Reputation: 115
For my systems, I make a scope-limiting assumption that physical access is already Game Over. Network-wise, I've got iptables set up so that all a scanner can tell about my computer is that there's a ethernet card.
 
Old 02-27-2010, 10:19 AM   #13
Lufbery
Senior Member
 
Registered: Aug 2006
Location: Harrisburg, PA
Distribution: Slackware 64 14.0
Posts: 1,142
Blog Entries: 29

Original Poster
Rep: Reputation: 119Reputation: 119
Quote:
Originally Posted by T3slider View Post
If you are concerned you can always just encrypt /home and leave the rest unencrypted. . .
I guess I have two questions:

1) Is there any way to encrypt the /home directory without moving all the data and encrypting it based on the directions in README_CRYPT with cryptsetup?

2) /home has everyone's home directory (e.g., /home/drew and /home/robin). How does encryption work with multiple users?

Regards,
 
Old 02-27-2010, 10:49 AM   #14
titopoquito
Senior Member
 
Registered: Jul 2004
Location: Ruhr Area, Germany
Distribution: Slackware64 14.0
Posts: 1,525

Rep: Reputation: 94
Quote:
Originally Posted by Lufbery View Post
I guess I have two questions:

1) Is there any way to encrypt the /home directory without moving all the data and encrypting it based on the directions in README_CRYPT with cryptsetup?

2) /home has everyone's home directory (e.g., /home/drew and /home/robin). How does encryption work with multiple users?

Regards,
1) Not that I know of, at least not with cryptsetup-LUKS. I know that TrueCrypt does that with Windows system partitions on the fly though so it is not theoretically impossible. I don't know if truecrypt on Linux can handle this.

2) Works flawless, once the system is started you don't notice what folders are being encrypted as it is handled transparently.
If it is a desktop machine where several people will have access, the user that boots the machine is of course required to enter a passphrase (or use a keyfile etc.), else no user can access her/his home folders.
LUKS offers several key slots so that at least some users (seven, nine? I don't remember) could use their distinct passphrases or keyfiles.
 
Old 02-27-2010, 10:20 PM   #15
slackwaredanny
Member
 
Registered: Feb 2010
Location: Sweden
Distribution: Slackware
Posts: 88
Blog Entries: 3

Rep: Reputation: 20
Quote:
Originally Posted by GrapefruiTgirl View Post
Hopefully not too off-topic for this thread, but I'd like to know from users who are using encrypted HDD for their Slackware install:

What is the performance/speed impact of an encrypted installation? Is the system noticeably slower/sluggish? How is boot-up time affected?
http://slackware.osuosl.org/slackwar...ADME_CRYPT.TXT

Exellent guide by alienbob i used the luks/lwm setup.
doesnt feel slower,boot-up time to enter password +10 sec.
 
1 members found this post helpful.
  


Reply

Tags
security, slackware


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Not a n00b but not a hardened user... Tralce LinuxQuestions.org Member Intro 1 12-10-2006 06:13 PM
hardened mini linux distribution toonlee Linux From Scratch 2 04-25-2006 12:12 PM
Xorg-6.9 or 7.0 on hardened system business_kid Linux - Security 1 01-12-2006 05:59 PM
hardened linux from scratch glibc build hardened-specs.sh problem behmjoe Linux From Scratch 2 09-04-2005 03:06 PM
Hardened Distribution Obie Linux - Security 6 05-30-2004 11:55 PM


All times are GMT -5. The time now is 04:59 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration