LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices


Reply
  Search this Thread
Old 01-01-2014, 08:31 AM   #16
kikinovak
MLED Founder
 
Registered: Jun 2011
Location: Montpezat (South France)
Distribution: CentOS, OpenSUSE
Posts: 3,384

Rep: Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985

Quote:
Originally Posted by Alien Bob View Post
Actually there has been such an effort.
Kongoni Linux started out as a fork of Slackware, removing all non-free bits and getting it accepted by the FSF as a free GNU/Linux distribution in 2009: http://www.fsf.org/news/free-distrib...ngoni-trisquel
Kongoni's base was the 64-bit fork of Slamd64 actually (bluewhite64) but when an official 64-bit Slackware was released, I had some conversations with A.J. Venter and convinced him to switch from bluewhite64 to Slackware64 as his base. Unfortunately he got overworked and had to abandon his efforts. The project was taken over by someone else but the distro basically died and the web site is now an ad machine. Goes to show that a Linux distribution is hard to maintain as a one-man effort unless you have strong will and a clear goal, and are able to work relentlessly hard.

Eric
Kongoni was very nice. There was an interesting article about it in the german magazine Linux User, which made me give it a spin. I kept it on a machine for some time, and I was sad to see it go down the drain.
 
Old 01-01-2014, 09:01 AM   #17
samac
Senior Member
 
Registered: Mar 2004
Location: Westray, Orkney
Distribution: Linux Mint 17.1
Posts: 1,424

Rep: Reputation: 138Reputation: 138
Download site for Kongoni if anyone is interested. http://sourceforge.net/projects/kong...?source=navbar It is a bit old but it might be of interest to someone.

samac
 
Old 01-01-2014, 06:11 PM   #18
Claudiu.Ionel
LQ Newbie
 
Registered: May 2013
Location: home
Distribution: Slackware
Posts: 6

Rep: Reputation: Disabled
hardening and usability

I tried hardening the system but here are the disadvantages :
>when I needed to connect to the internet I had to start manually the service for Wicd.
>when I needed to print something I had to /etc/rc.d/rc.cups start
>... and also rc.pcmcia, rc.messagebus, rc.inet1, rc.bluetooth, rc.alsa, rc.acpid
Advantages:
>you control pretty much everything you need.
>in /etc/sysctl.conf you can change kernel parameters like: vm.swappiness = 10 to use less swap if you have plenty of memory.
 
Old 01-01-2014, 09:01 PM   #19
AlleyTrotter
Member
 
Registered: Jun 2002
Location: Coal Township PA
Distribution: Slackware64-14.2 (5.1.15) UEFI enabled (LFS-8.4 when Slackware becomes too easy)
Posts: 535

Rep: Reputation: 193Reputation: 193
Great philosophical discussion!
Is anyone going to offer some actual advice on hardening/securing Slackware?
John
 
Old 01-01-2014, 09:17 PM   #20
hitest
Guru
 
Registered: Mar 2004
Location: Prince Rupert, B.C., Canada
Distribution: Slackware, OpenBSD
Posts: 5,779

Original Poster
Rep: Reputation: 1901Reputation: 1901Reputation: 1901Reputation: 1901Reputation: 1901Reputation: 1901Reputation: 1901Reputation: 1901Reputation: 1901Reputation: 1901Reputation: 1901
Quote:
Originally Posted by AlleyTrotter View Post
Is anyone going to offer some actual advice on hardening/securing Slackware?
John
Agreed. I am indeed enjoying the philosophical discourse. I would like to read more specific methods on how to harden, protect my favourite OS.
 
Old 01-01-2014, 10:01 PM   #21
ReaperX7
LQ Guru
 
Registered: Jul 2011
Location: California
Distribution: Slackware64-Current
Posts: 6,446
Blog Entries: 15

Rep: Reputation: 2016Reputation: 2016Reputation: 2016Reputation: 2016Reputation: 2016Reputation: 2016Reputation: 2016Reputation: 2016Reputation: 2016Reputation: 2016Reputation: 2016
To harden the system as per the actual SELinux style of hardening, you'd have to rebuild the system from the ground up as an SELinux distribution. Slackware, as consequence can not be code hardened (this would require patches Slackware does not have), but it can be effectively hardened through other means such as proper security implementations.

I'd recommend reading Hardened Linux From Scratch first to understand how a code and core hardened system works and the differences in packages versus a standard Linux build and distribution goes. Hardened Gentoo works on similar principles. The HLFS book may be a bit dated, but a working system can be built from it.

To be honest, even if you had a perfected SELinux system built, without a proper security configuration, setup, and implementation of principles and parameters, it's no more secure than any other non-SELinux system out there and still vulnerable.
 
Old 01-01-2014, 10:35 PM   #22
Z038
Member
 
Registered: Jan 2006
Distribution: Slackware
Posts: 851

Rep: Reputation: 169Reputation: 169
Reaper, why do you keep bringing up SELinux? As you stated the first time you mentioned it, Slackware doesn't use it, and so it doesn't seem particularly relevant to the OP's question.
 
Old 01-01-2014, 11:56 PM   #23
enorbet
Senior Member
 
Registered: Jun 2003
Location: Virginia
Distribution: Slackware = Main OpSys for decades while testing others to keep up
Posts: 2,217

Rep: Reputation: 2236Reputation: 2236Reputation: 2236Reputation: 2236Reputation: 2236Reputation: 2236Reputation: 2236Reputation: 2236Reputation: 2236Reputation: 2236Reputation: 2236
OK through the philosophical portion of this thread I think we've established that the only way to have 100% security, short of staying powered down, is to connect to nothing, no NICs no modems no CD/DVDs, USB drives or floppies.

Maybe I'm not paranoid enough but I'm pretty happy with a hardware firewall on top of iptables software firewalls (not to the extreme of a DMZ or anything) and all services I don't regularly need turned off. I follow rkhunter's lead in configuring SSH and inetd and check hidden files and file changes.

I used to run Tripwire (and toyed with Samhain) but it never got tripped so I stop bothering. So first off are we restricting this to Desktops and maybe SOHO machines or is this wide open, encompassing multi-workstation networks etc?? and just how hardened do you guys wish to be?

Last edited by enorbet; 01-01-2014 at 11:58 PM.
 
Old 01-02-2014, 12:18 AM   #24
qweasd
Member
 
Registered: May 2010
Posts: 613

Rep: Reputation: Disabled
Quote:
Originally Posted by Alien Bob View Post
Actually there has been such an effort.
A very interesting piece of history Of course, when I said "easy", I only meant the theoretical side of the issue. The practical difficulty of forking out, hosting and maintaining a free repo, all the while maintaining compatibility seems like a daunting task, which is why I confined my own deblobbing efforts to documentation (and, of course, keeping my own systems free).

Can I ramble for a bit? While I have nothing but respect for FSF and everything I know they do, their certification is not the holy grail of free computing. The Debian debacle taught me that a distribution can be free, technically speaking, yet fail to be certified because of the political differences. May be the "right" approach for distributions like Slackware is not to seek anyone's certification, but to provide the practical means for freedom. If there was a well-documented way to deblob the installation media, as well as a free (back and forth binary-compatible) slackpkg mirror, then the question of certification would become moot. The cost of doing something like this would arguably be a lot less than of maintaining a full-blown fork.
 
Old 01-02-2014, 12:26 AM   #25
ReaperX7
LQ Guru
 
Registered: Jul 2011
Location: California
Distribution: Slackware64-Current
Posts: 6,446
Blog Entries: 15

Rep: Reputation: 2016Reputation: 2016Reputation: 2016Reputation: 2016Reputation: 2016Reputation: 2016Reputation: 2016Reputation: 2016Reputation: 2016Reputation: 2016Reputation: 2016
Quote:
Originally Posted by Z038 View Post
Reaper, why do you keep bringing up SELinux? As you stated the first time you mentioned it, Slackware doesn't use it, and so it doesn't seem particularly relevant to the OP's question.
I brought it up as a reference example to a true Code Hardened Linux is compared to a Security Hardened implementation. The concept is what it is, and it was relevant to his question about properly securing the system using a proper security implementation.

The FSF's specification is just that, a specification. It gives a baseline into what can be done with free open source software only, but honestly it does have it's limits as to get a maximum useful system you have to mix free and non-free software.

Last edited by ReaperX7; 01-02-2014 at 12:40 AM.
 
Old 01-02-2014, 01:16 AM   #26
kooru
Senior Member
 
Registered: Sep 2012
Posts: 1,385

Rep: Reputation: 274Reputation: 274Reputation: 274
Maybe this project can be useful
 
2 members found this post helpful.
Old 01-02-2014, 03:09 AM   #27
ReaperX7
LQ Guru
 
Registered: Jul 2011
Location: California
Distribution: Slackware64-Current
Posts: 6,446
Blog Entries: 15

Rep: Reputation: 2016Reputation: 2016Reputation: 2016Reputation: 2016Reputation: 2016Reputation: 2016Reputation: 2016Reputation: 2016Reputation: 2016Reputation: 2016Reputation: 2016
Quote:
Originally Posted by kooru View Post
Maybe this project can be useful
That's actually a sound project, but honestly you should read through the scripts prior to usage and learn to perform those actions without an automated script. It's very comprehensive, but not everyone will need everything it offers, and everything it offers may not be advised for all users.

Plus one action you should do isn't listed which is locking down root using a combination of enabling KDM in inittab and disabling root log in from the default of enabled to disabled, after setting up a secondary login with the wheel group.

There is no magic button, no quick fix, no automated do-it-all script that will ever replace proper administration efforts and effective policy enforcements in systems and networks along common sense tactics and proper implementations of these fore mentioned efforts.
 
Old 01-02-2014, 03:28 AM   #28
kooru
Senior Member
 
Registered: Sep 2012
Posts: 1,385

Rep: Reputation: 274Reputation: 274Reputation: 274
I agree with you.
"quick fix" was not my scope when i've put the link but only a good documentation to start.
 
Old 01-02-2014, 04:04 AM   #29
ReaperX7
LQ Guru
 
Registered: Jul 2011
Location: California
Distribution: Slackware64-Current
Posts: 6,446
Blog Entries: 15

Rep: Reputation: 2016Reputation: 2016Reputation: 2016Reputation: 2016Reputation: 2016Reputation: 2016Reputation: 2016Reputation: 2016Reputation: 2016Reputation: 2016Reputation: 2016
Quote:
Originally Posted by kooru View Post
I agree with you.
"quick fix" was not my scope when i've put the link but only a good documentation to start.
You are right Kooru. Research is always needed to start drafting an effective security policy, and not only enforcing it, but maintaining it, updating it, fine tuning it, and deploying it.

Last edited by ReaperX7; 01-02-2014 at 04:05 AM.
 
Old 01-02-2014, 12:56 PM   #30
hitest
Guru
 
Registered: Mar 2004
Location: Prince Rupert, B.C., Canada
Distribution: Slackware, OpenBSD
Posts: 5,779

Original Poster
Rep: Reputation: 1901Reputation: 1901Reputation: 1901Reputation: 1901Reputation: 1901Reputation: 1901Reputation: 1901Reputation: 1901Reputation: 1901Reputation: 1901Reputation: 1901
Quote:
Originally Posted by enorbet View Post
So first off are we restricting this to Desktops and maybe SOHO machines or is this wide open, encompassing multi-workstation networks etc?? and just how hardened do you guys wish to be?
Good point. I was thinking primarily about a small home network. I've got four Slackware boxes that I administer. But, I welcome all comments about hardening and protecting Slackware.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] slackware hardening tips -Su: authentication failure san2ban Slackware 20 08-04-2013 02:08 AM
[SOLVED] Protecting Slackware Konphine Slackware 31 07-19-2011 10:25 PM
Slackware hardening guide tangle Slackware 4 03-14-2005 09:47 PM
Hardening Slackware AhYup Slackware 8 03-07-2005 06:35 PM
is slackware protecting me? shanenin Slackware 1 10-19-2003 09:28 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware

All times are GMT -5. The time now is 07:13 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration