LinuxQuestions.org
Register a domain and help support LQ
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices

Reply
 
LinkBack Search this Thread
Old 07-10-2012, 06:53 PM   #1
ReaperX7
Senior Member
 
Registered: Jul 2011
Distribution: LFS-SVN, Slackware-14.1, PCBSD-10.0
Posts: 2,383
Blog Entries: 14

Rep: Reputation: 582Reputation: 582Reputation: 582Reputation: 582Reputation: 582Reputation: 582
Is there a Hardened version of Slackware?


Just a random question but is there a version of Slackware out there that uses the SELinux kernel and favors high security, much like Hardened Gentoo?
 
Old 07-10-2012, 07:01 PM   #2
willysr
Senior Member
 
Registered: Jul 2004
Location: Jogja, Indonesia
Distribution: Slackware-Current
Posts: 2,336

Rep: Reputation: 377Reputation: 377Reputation: 377Reputation: 377
Do you think Slackware need those features?
It's already secured by default installation since it doesn't enable too many daemon services at installation phase and it has included well-tested applications to the default stock packages

The rest is up to the admin to configure the whole system
 
Old 07-10-2012, 08:19 PM   #3
ReaperX7
Senior Member
 
Registered: Jul 2011
Distribution: LFS-SVN, Slackware-14.1, PCBSD-10.0
Posts: 2,383
Blog Entries: 14

Original Poster
Rep: Reputation: 582Reputation: 582Reputation: 582Reputation: 582Reputation: 582Reputation: 582
Was only curious.
 
Old 07-10-2012, 11:44 PM   #4
kingbeowulf
Member
 
Registered: Oct 2003
Location: WA
Distribution: Slackware64 14.1, Slackware 14.1
Posts: 498

Rep: Reputation: 136Reputation: 136
A lot of the Slackware specific hardening information is older and scattered. Various GURU's no doubt have yet to impart their hard earned wisdom. It also depends what security you want or need: general server, web, ssh etc. Might not be a bad idea to include a hardening chapter in the "new" slackbook (Don't look at me; I'm not worthy!). Here is some stuff I looked at ages ago:

http://www.linuxquestions.org/questi...ckware-292781/

http://dentonj.freeshell.org/

http://www.slackzine.com.br/hardening_slack.php

http://www.sastk.org/

Last edited by kingbeowulf; 07-10-2012 at 11:45 PM. Reason: spelling
 
Old 07-11-2012, 12:11 AM   #5
ReaperX7
Senior Member
 
Registered: Jul 2011
Distribution: LFS-SVN, Slackware-14.1, PCBSD-10.0
Posts: 2,383
Blog Entries: 14

Original Poster
Rep: Reputation: 582Reputation: 582Reputation: 582Reputation: 582Reputation: 582Reputation: 582
Interesting stuff. Though most of it is for things like 13.0 and older versions of the OS, I am wondering if some of it could be updated to run with the newer releases like 13.37 and 14.0 (when released).

The only thing I haven't really seen around the net for Slackware is how to rebuild the kernel to SELinux specifications. I'll see what I can get from the HLFS (Hardened Linux from Scratch) project and see if any of it could translate into Slackware.

Wikipedia claims that a Slackware specific port of SELinux and packages was available at one time but development had stagnated.

Thanks King.

Last edited by ReaperX7; 07-11-2012 at 12:12 AM.
 
Old 07-11-2012, 05:26 AM   #6
wargus
Member
 
Registered: Mar 2010
Location: Switzerland
Distribution: Slackware
Posts: 91

Rep: Reputation: 13
I recommend using Grsecurity.
I have it running without any problems on a 13.0 server, but I don't see any limitations running it on newer Slackware versions.
 
Old 07-11-2012, 12:20 PM   #7
Col-Panic
LQ Newbie
 
Registered: Feb 2007
Location: Blue Mountains of NE Oregon, out on the Rez
Distribution: Slackware, Slackware64, Slamd64, Gentoo, RedHat
Posts: 13

Rep: Reputation: 1
Quote:
Originally Posted by wargus View Post
I recommend using Grsecurity.
+1. I compiled grsec into a Slamd64 11.0 machine that I built as a fairly busy multiport firewall/router a number of years ago. Very happy with the results. Fast, secure, rock solid.

blackhole:~# cat /etc/slackware-version; uname -a; uptime
Slackware 11.0.0 (x86_64)
Linux blackhole 2.6.19.2-grsec #3 Sat Apr 28 20:37:38 PDT 2007 x86_64 x86_64 x86_64 GNU/Linux
10:17:05 up 1461 days, 3:37, 5 users, load average: 0.00, 0.00, 0.00
 
Old 07-12-2012, 01:36 PM   #8
ottavio
Member
 
Registered: Nov 2007
Posts: 312

Rep: Reputation: 46
Other distros need hardened versions because they're bugged by default while Slackware isn't. (How come Fedora springs to my mind, I don't know)
 
Old 07-12-2012, 04:46 PM   #9
NyteOwl
Member
 
Registered: Aug 2008
Location: Nova Scotia, Canada
Distribution: Slackware, OpenBSD, others periodically
Posts: 512

Rep: Reputation: 138Reputation: 138
All software contains bugs and Slackware is NOT deliberately hardened by default. It just turn on everything out-of-the-box. That is not the same as hardening an operating system. Slackware can be hardened, any Linux distribution can, however security is a process not a one-off configuration and maintaining that stance requires a knowledgeable and vigilant admin. That doesn't apply to most users or any operating system.
 
1 members found this post helpful.
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Hardened Kernel Deemo Linux - Server 1 09-13-2011 10:57 AM
Hardened Slackware? Lufbery Slackware 18 06-08-2010 05:56 PM
hardened linux from scratch glibc build hardened-specs.sh problem behmjoe Linux From Scratch 2 09-04-2005 02:06 PM
Hardened Distribution Obie Linux - Security 6 05-30-2004 10:55 PM
slackware startx starts the wrong version, i didn't even know i had another version edman007 Linux - Software 3 05-16-2004 07:38 PM


All times are GMT -5. The time now is 08:53 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration