Yeah, actually I am. I'm also interested in seeing things like Samba/LDAP/Kerberos and SELinux modules work the same way as group policy objects and administrative templates work.
On Fri, Aug 1, 2008 at 5:24 AM, dante <[EMAIL PROTECTED]> wrote:
> Hi everyone,
>
> My students and I have started a new gnome-based desktop linux distro
> derived from hardened Gentoo. It may be of interest to people on this
> list.
>
> Tin Hat is pretty much Gentoo, but it runs purely in RAM. It boots from
> CD or pen drive, but is not a liveCD in that it doesn't mount a file
> system from the boot device. Rather it copies its squashfs from CD to
> tmpfs in RAM. Booting is slow, it requires 4 GB of RAM or more, but it
> is lightning fast once up. ("emerge --sync" takes about a minute
> between a Tin Hat system offering portage, and one sync-ing from
> scratch. Firefox starts in about 1 second.)
>
> Tin Hat was started before the recent coldboot attacks. Within the
> limit of such attacks, Tin Hat aims at "zero information loss" if
> physical access is obtained to a system which is powered down. We add
> Ruusu's loop-aes patch to the kernel so that any hard drives are mounted
> using one of the best implementations of block cipher encryptions we
> know of. During power up, Tin Hat uses GRSEC/PaX hardening to hedge
> against all the usual attacks. We are now thinking about our own patch
> to obfuscate data in RAM to protect against coldboot --- but to be
> honest, we think we can only make it harder, not impossible.
>
> Tin Hat is stable. We run 6 systems persistently on clean power and
> have typical up times of a couple of months.
>
> We never intended on releasing Tin Hat, but the students love it so much
> (the speed!) we thought of announcing it on freshmeat. I thought I'd
> post to this list because it is a successful implementation of
> hardened Gentoo.
>
> Home page: http://opensource.dyc.edu/tinhat
> Freshmeat: http://freshmeat.net/projects/tinhat
>
> Anthony G. Basile
> Chair of Information Technology
> D'Youville College
> Buffalo NY 14201
>
> (716) 829-8197