On 05/02/12 04:55, Giorgos Keramidas wrote:
> On Fri, Apr 27, 2012 at 11:18 PM, Mehmet Erol Sanliturk
> <m.e.sanlit...@gmail.com> wrote:
>> Another point is that server installers are highly educated with respect to
>> desktop installers and their numbers are small with respect to desktop
>> users.
>>
>> For them, it is very easy to "harden" FreeBSD after installation if ever
>> it is needed, because during installation, it is a simple question to ask:
>>
>> Will this be used as a Server?
> 
> Judging from the amount of effort it takes to "harden" a system
> that already starts a thousand services (typical "desktop Linux"
> scenario these days), and the number of times I've seen this
> sort of customization cause even more headaches, I'd say this
> is a slightly exaggerated statement.

You might be thinking of SELinux, which is not the only option for
hardening. The Gentoo Hardened project offers multiple options for
hardening, of which SELinux is only one:

http://www.gentoo.org/proj/en/hardened/
http://www.gentoo.org/proj/en/hardened/primer.xml

The PaX/GrSecurity patchset for Linux provides strong ASLR to both
the kernel and userland. To my knowledge, the only BSD that supports
ASLR is OpenBSD.

> You are right that a "plain user" does not care about why their
> CD-ROM is not accessible after installation, but there are two
> different ways to approach this:
> 
> - Install and enable everything by default, hoping that nothing
>   bad happens when an unused service is exploitable.
> - Install a minimal system and build from there.
> 
> Most Linux distributions pick the first option. _Some_ Linux
> distributions pick the second option (e.g. Gentoo).

You might be thinking of Gentoo Linux, rather than Gentoo. The term
Gentoo also covers Gentoo/FreeBSD and Gentoo Prefix. Gentoo/FreeBSD
replaces the Linux kernel and GNU userland with FreeBSD while Gentoo
Prefix provides a userland package manager to UNIX-compatible systems:

http://www.gentoo.org/proj/en/gentoo-alt/bsd/fbsd/index.xml
http://www.gentoo.org/proj/en/gentoo-alt/prefix/

Neither Gentoo/FreeBSD nor Gentoo Prefix are Linux distributions, so it
would be better to refer to Gentoo Linux when talking about the Gentoo
Linux distribution.

Also, Gentoo's minimalist design is not a form of hardening provided by
the Gentoo Hardened project. Most Gentoo Hardened users would not
consider it to be hardening.
