From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from pigeon.gentoo.org ([69.77.167.62] helo=lists.gentoo.org)
	by finch.gentoo.org with esmtp (Exim 4.60)
	(envelope-from <gentoo-hardened+bounces-2451-garchives=archives.gentoo.org@lists.gentoo.org>)
	id 1LWvjF-0005a5-O5
	for garchives@archives.gentoo.org; Tue, 10 Feb 2009 16:44:58 +0000
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id ABBFBE0412;
	Tue, 10 Feb 2009 16:44:56 +0000 (UTC)
Received: from yx-out-1718.google.com (yx-out-1718.google.com [74.125.44.156])
	by pigeon.gentoo.org (Postfix) with ESMTP id 76FFBE0412
	for <gentoo-hardened@lists.gentoo.org>; Tue, 10 Feb 2009 16:44:56 +0000 (UTC)
Received: by yx-out-1718.google.com with SMTP id 3so286085yxi.46
        for <gentoo-hardened@lists.gentoo.org>; Tue, 10 Feb 2009 08:44:56 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=domainkey-signature:mime-version:received:in-reply-to:references
         :date:message-id:subject:from:to:content-type;
        bh=FSLTkaZbdp471Ot+GTTpepUi7hylNM+up5CiZMJ8zVI=;
        b=pHiZgPp9020uFMMFA9yjJYiwNqkVQINfb/k2RnZCpCq4tshIh8gj20vKviyHvtweOK
         PzAZYnK74DlahzMebOkDcgU3RNiCFgErXGw3ORLzBtUua/IEkQZxL3SGXJEcjSmyP4Ou
         T7OPGOWnI3xMvZM1sdD7ACGIRSfKgmPKyEvxU=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=gamma;
        h=mime-version:in-reply-to:references:date:message-id:subject:from:to
         :content-type;
        b=ar9wGCtKsPO3elKkF9UawD8MvPU6mTm5gQ4x9W+4syKN87Hcn34VVZvMm1LiB5INRS
         sW4yhkGeDq4RNUcrYc/ecW/N77lgFRh49HOzNzh6UkGY2njR7Y49vaCcKpdt01tfsyv7
         hOeszW21HcuBlhh054XSDcGjvi5y9dnA4AXdY=
Precedence: bulk
List-Post: <mailto:gentoo-hardened@lists.gentoo.org>
List-Help: <mailto:gentoo-hardened+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-hardened+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-hardened+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-hardened.gentoo.org>
X-BeenThere: gentoo-hardened@lists.gentoo.org
Reply-to: gentoo-hardened@lists.gentoo.org
MIME-Version: 1.0
Received: by 10.151.107.8 with SMTP id j8mr4061049ybm.183.1234284296000; Tue, 
	10 Feb 2009 08:44:56 -0800 (PST)
In-Reply-To: <49915125.8000703@whyscream.net>
References: <1234258730.28777.12.camel@caguiar-linux.madeiratecnopolo.pt>
	 <49915125.8000703@whyscream.net>
Date: Tue, 10 Feb 2009 10:44:55 -0600
Message-ID: <c8b556060902100844h3d57e4f9xd9f69458f5f083ec@mail.gmail.com>
Subject: Re: [gentoo-hardened] Which profile?
From: Matthew Summers <msummers42@gmail.com>
To: gentoo-hardened@lists.gentoo.org
Content-Type: multipart/alternative; boundary=00151750e18403d61d04629335ca
X-Archives-Salt: 9f4c87d4-aa7d-4369-8c48-06d7000ab996
X-Archives-Hash: a7ed1b8e32dddec7e633c0bef2bf72b6

--00151750e18403d61d04629335ca
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit

On Tue, Feb 10, 2009 at 4:04 AM, Tom Hendrikx <tom@whyscream.net> wrote:

> Clemente Aguiar schreef:
> > I understand that the profiles where updated recently (last year?).
> >
> > Available profile symlink targets:
> >   [1]   hardened/amd64 *
> >   [2]   hardened/amd64/multilib
> >   [3]   selinux/2007.0/amd64
> >   [4]   selinux/2007.0/amd64/hardened
> >   [5]   default/linux/amd64/2008.0
> >   [6]   default/linux/amd64/2008.0/desktop
> >   [7]   default/linux/amd64/2008.0/developer
> >   [8]   default/linux/amd64/2008.0/no-multilib
> >   [9]   default/linux/amd64/2008.0/server
> >   [10]  hardened/linux/amd64
> >
> > Available profile symlink targets:
> >   [1]   hardened/x86/2.6 *
> >   [2]   selinux/2007.0/x86
> >   [3]   selinux/2007.0/x86/hardened
> >   [4]   default/linux/x86/2008.0
> >   [5]   default/linux/x86/2008.0/desktop
> >   [6]   default/linux/x86/2008.0/developer
> >   [7]   default/linux/x86/2008.0/server
> >   [8]   hardened/linux/x86
> >
> >
> > I would like to know what hardened profile I should use when I build new
> > machines? (AMD64 as well as x86)
> >
> > Thanks.
> >
> >
> >
>
> A few days ago I switched an x86 machine from "default/linux/x86/2008.0"
> to "hardened/linux/x86/2008.0/server" after some arbitrary rummaging in
> the profiles directory. This gave me no problems other than the expected
> gcc-4 -> gcc-3 downgrade.
>
> I'm not sure why this profile isn't listed in the eselect profile
> listing above. It doesn't give me a big fat "unsupported profile"
> warning though...
>
> Regards,
>         Tom
>
>

This is a confusing situation.  I am currently using
/usr/portage/profiles/hardened/linux/amd64/2008.0.

This is not explicitly listed in the output of 'eselect profile list'.

Perhaps we could sort this out on the list & then I will write a quick doc
to place in the hardened web space to assist other users.

-- 
M. Summers

"...there are no rules here -- we're trying to accomplish something."
 - Thomas A. Edison

--00151750e18403d61d04629335ca
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<div class=3D"gmail_quote">On Tue, Feb 10, 2009 at 4:04 AM, Tom Hendrikx <s=
pan dir=3D"ltr">&lt;<a href=3D"mailto:tom@whyscream.net">tom@whyscream.net<=
/a>&gt;</span> wrote:<br><blockquote class=3D"gmail_quote" style=3D"border-=
left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left=
: 1ex;">
Clemente Aguiar schreef:<br>
<div><div></div><div class=3D"Wj3C7c">&gt; I understand that the profiles w=
here updated recently (last year?).<br>
&gt;<br>
&gt; Available profile symlink targets:<br>
&gt; &nbsp; [1] &nbsp; hardened/amd64 *<br>
&gt; &nbsp; [2] &nbsp; hardened/amd64/multilib<br>
&gt; &nbsp; [3] &nbsp; selinux/2007.0/amd64<br>
&gt; &nbsp; [4] &nbsp; selinux/2007.0/amd64/hardened<br>
&gt; &nbsp; [5] &nbsp; default/linux/amd64/2008.0<br>
&gt; &nbsp; [6] &nbsp; default/linux/amd64/2008.0/desktop<br>
&gt; &nbsp; [7] &nbsp; default/linux/amd64/2008.0/developer<br>
&gt; &nbsp; [8] &nbsp; default/linux/amd64/2008.0/no-multilib<br>
&gt; &nbsp; [9] &nbsp; default/linux/amd64/2008.0/server<br>
&gt; &nbsp; [10] &nbsp;hardened/linux/amd64<br>
&gt;<br>
&gt; Available profile symlink targets:<br>
&gt; &nbsp; [1] &nbsp; hardened/x86/2.6 *<br>
&gt; &nbsp; [2] &nbsp; selinux/2007.0/x86<br>
&gt; &nbsp; [3] &nbsp; selinux/2007.0/x86/hardened<br>
&gt; &nbsp; [4] &nbsp; default/linux/x86/2008.0<br>
&gt; &nbsp; [5] &nbsp; default/linux/x86/2008.0/desktop<br>
&gt; &nbsp; [6] &nbsp; default/linux/x86/2008.0/developer<br>
&gt; &nbsp; [7] &nbsp; default/linux/x86/2008.0/server<br>
&gt; &nbsp; [8] &nbsp; hardened/linux/x86<br>
&gt;<br>
&gt;<br>
&gt; I would like to know what hardened profile I should use when I build n=
ew<br>
&gt; machines? (AMD64 as well as x86)<br>
&gt;<br>
&gt; Thanks.<br>
&gt;<br>
&gt;<br>
&gt;<br>
<br>
</div></div>A few days ago I switched an x86 machine from &quot;default/lin=
ux/x86/2008.0&quot;<br>
to &quot;hardened/linux/x86/2008.0/server&quot; after some arbitrary rummag=
ing in<br>
the profiles directory. This gave me no problems other than the expected<br=
>
gcc-4 -&gt; gcc-3 downgrade.<br>
<br>
I&#39;m not sure why this profile isn&#39;t listed in the eselect profile<b=
r>
listing above. It doesn&#39;t give me a big fat &quot;unsupported profile&q=
uot;<br>
warning though...<br>
<br>
Regards,<br>
<font color=3D"#888888"> &nbsp; &nbsp; &nbsp; &nbsp;Tom<br>
<br>
</font></blockquote></div><br><br>This is a confusing situation.&nbsp; I am=
 currently using /usr/portage/profiles/hardened/linux/amd64/2008.0.<br><br>=
This is not explicitly listed in the output of &#39;eselect profile list&#3=
9;.<br>
<br>Perhaps we could sort this out on the list &amp; then I will write a qu=
ick doc to place in the hardened web space to assist other users.<br clear=
=3D"all"><br>-- <br>M. Summers<br><br>&quot;...there are no rules here -- w=
e&#39;re trying to accomplish something.&quot;<br>
 &nbsp;- Thomas A. Edison<br>

--00151750e18403d61d04629335ca--