From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from lists.gentoo.org ([140.105.134.102] helo=robin.gentoo.org) by nuthatch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1GNhJx-0007VZ-Ll for garchives@archives.gentoo.org; Thu, 14 Sep 2006 02:51:22 +0000 Received: from robin.gentoo.org (localhost [127.0.0.1]) by robin.gentoo.org (8.13.8/8.13.6) with SMTP id k8E2nYCC021354; Thu, 14 Sep 2006 02:49:34 GMT Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) by robin.gentoo.org (8.13.8/8.13.6) with ESMTP id k8E2gLhV019124 for ; Thu, 14 Sep 2006 02:42:21 GMT Received: from localhost (localhost [127.0.0.1]) by smtp.gentoo.org (Postfix) with ESMTP id E1A21645AE for ; Thu, 14 Sep 2006 02:42:20 +0000 (UTC) Received: from smtp.gentoo.org ([127.0.0.1]) by localhost (smtp.gentoo.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 14207-14 for ; Thu, 14 Sep 2006 02:42:19 +0000 (UTC) Received: from ciao.gmane.org (main.gmane.org [80.91.229.2]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTP id 2FC41645AC for ; Thu, 14 Sep 2006 02:42:19 +0000 (UTC) Received: from list by ciao.gmane.org with local (Exim 4.43) id 1GNhB7-0007QE-Ng for gentoo-user@gentoo.org; Thu, 14 Sep 2006 04:42:13 +0200 Received: from www.buffer.net ([24.73.161.102]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Thu, 14 Sep 2006 04:42:13 +0200 Received: from wireless by www.buffer.net with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Thu, 14 Sep 2006 04:42:13 +0200 X-Injected-Via-Gmane: http://gmane.org/ To: gentoo-user@lists.gentoo.org From: James Subject: [gentoo-user] Re: Simplified apache2 Date: Thu, 14 Sep 2006 02:41:57 +0000 (UTC) Message-ID: References: <558b73fb0609120808k799baf30j41560442b9c38d12@mail.gmail.com> <45084B2F.40908@comcast.net> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@gentoo.org Reply-to: gentoo-user@lists.gentoo.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Complaints-To: usenet@sea.gmane.org X-Gmane-NNTP-Posting-Host: main.gmane.org User-Agent: Loom/3.14 (http://gmane.org/) X-Loom-IP: 24.73.161.102 (Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.7.13) Gecko/20060911) Sender: news X-Virus-Scanned: amavisd-new at gentoo.org X-Spam-Status: No, score=-2.567 required=5.5 tests=[AWL=0.032, BAYES_00=-2.599] X-Spam-Score: -2.567 X-Spam-Level: X-Archives-Salt: 9a6380a7-8086-400d-a942-6bb5ae4ebf39 X-Archives-Hash: 2ad47c763f8679e66e6af3c24430f9b7 Brian Davis comcast.net> writes: > Can one covert a non-hardended machine to use the hardended-profile, or > do you have to start from scratch? Hello Brian, The short answer is YES. The correct answer is you have to read quite a lot (I'm in the middle of that) and decide which 'path/technology' you want to follow. Here's docs you should start looking at: http://www.gentoo.org/proj/en/hardened/primer.xml http://www.gentoo.org/proj/en/hardened/ I choose 'SElinux' as the path to follow for me that makes most sense. Since the NSA was the prime motivator, it's an easy path to convince my clients to follow. Although SElinux is not a complete solution, other complementary software combined with SElinux does provide for a complete (security) solution, almost..... http://www.gentoo.org/proj/en/hardened/selinux/ http://www.gentoo.org/proj/en/hardened/selinux/selinux-handbook.xml http://www.gentoo.org/proj/en/hardened/selinux/selinux-handbook.xml?part=2 hth, http://www.gentoo.org/proj/en/hardened/selinux/selinux-handbook.xml?part=2 James -- gentoo-user@gentoo.org mailing list