From mboxrd@z Thu Jan  1 00:00:00 1970
To: gentoo-user@lists.gentoo.org
From: James <wireless@tampabay.rr.com>
Subject: [gentoo-user]  Re: Simplified apache2
Date: Thu, 14 Sep 2006 02:41:57 +0000 (UTC)
Message-ID:  <loom.20060914T043140-148@post.gmane.org>
References:  <loom.20060912T142340-527@post.gmane.org> <558b73fb0609120808k799baf30j41560442b9c38d12@mail.gmail.com> <45084B2F.40908@comcast.net>

Brian Davis <bridavis <at> comcast.net> writes:


> Can one convert a non-hardened machine to use the hardened-profile, or 
> do you have to start from scratch?


Hello Brian,

The short answer is YES. The correct answer is you have to 
read quite a lot (I'm in the middle of that) and decide
which 'path/technology' you want to follow. Here are the docs
you should start looking at:

http://www.gentoo.org/proj/en/hardened/primer.xml
http://www.gentoo.org/proj/en/hardened/

I choose 'SELinux' as the path to follow; for me
that makes the most sense. Since the NSA was the prime
motivator, it's an easy path to convince my clients
to follow. Although SELinux is not a complete
solution, other complementary software combined with 
SELinux does provide for a complete (security) solution,
almost...


http://www.gentoo.org/proj/en/hardened/selinux/
http://www.gentoo.org/proj/en/hardened/selinux/selinux-handbook.xml
http://www.gentoo.org/proj/en/hardened/selinux/selinux-handbook.xml?part=2

hth,
James



-- 
gentoo-user@gentoo.org mailing list