On 9/27/2018 9:10 AM, TNT BOM BOM wrote:
> === scope ===
>
> * will be initially released for VMs (VirtualBox, Qubes, maybe KVM)
> * “sudo apt-get install hardened-debian-cli” will be possible on bare
> metal Debian hosts, in other words installations of Debian can be easily
> converted into Hardened Debian by installing the hardened-debian-cli or
> other hardened debian package
> * maybe later available as ISO for installation on hardware depending on
> community interest and support
>
Being able to do a fresh install of something that involves
"security/anonymity" is clearly welcome.
I don't feel comfortable installing some "security" on top of something
else.

> === hardening by default in Hardened Debian version 1 ===
>
> * install haveged by default for better entropy
> * sdwdate (https://github.com/Whonix/sdwdate) rather than insecure NTP
> (https://www.whonix.org/wiki/Dev/TimeSync)
> * security-misc (https://github.com/Whonix/security-misc) - (deactivates
> previews in Dolphin; deactivates previews
> in Nautilus; deactivates TCP timestamps; deactivates Netfilter’s
> connection tracking helper;)
> * open-link-confirmation
> * enable apparmor by default
> * available apparmor profiles
> (https://github.com/Whonix?utf8=%E2%9C%93&q=apparmor-profile&type=&language=)
> * hopefully spectre / meltdown resistant by default
> (https://forums.whonix.org/t/whonix-vulerable-due-to-missing-processor-microcode-packages-spectre-meltdown-retpoline-l1-terminal-fault-l1tf/5739)
>
> === hardening by default in Hardened Debian version 2 ===
>
> * hardened browser (https://www.whonix.org/wiki/Tor_Browser_without_Tor
> Tor Browser without Tor)
>
> === hardening by default in Hardened Debian version 3 ===
>
> * better kernel version
> (https://forums.whonix.org/t/kernel-versions-and-security/5791)
>
> === usability by default ===
>
> * https://github.com/Whonix/shared-folder-help 2
> * https://github.com/Whonix/usability-misc 2
>
> === desktop environment ===
>
> - initially will be available most likely for:
>
> * CLI only (console only, no desktop environment)

Will links2 be available?

> * KDE
>
> - Later on likely for:
>
> * XFCE
>
> === vision ===
>
> * computer security community is larger than computer anonymity
> community - we can work on a shared interest that is security
> * we apply as many security settings by default
> * we apply as much as default from
> * Hardened Debian will be the base for Whonix - Anonymous Operating
> System (https://www.whonix.org/wiki/System_Hardening_Checklist Whonix is
> applying most of above already anyhow)
>
> === development status of version 1 ===
>
> * approximately 50% done
> * meta package "hardened-debian-kde" and "hardened-debian-cli" exist -
> https://github.com/Whonix/anon-meta-packages/blob/master/debian/control
> * most packages working (since reused from Whonix)
> * build script ready (--flavor hardened-debian-kde / --hardened-debian-cli)
> * builds successfully
>
> === temporary homepage ===
> * https://www.whonix.org/wiki/Hardened_Debian
>
> === Questions ===
>
> * Are you interested in Hardened Debian? What do you think? What would
> you like to see? Any suggestions?
>

Firewall capability would be nice.
Remote access to Hardened Debian.
Fully installable/usable using CLI.

Note that my comments are based on my understanding of Hardened Debian,
which I understand to be a Debian distribution with security in mind.

P.S.
My SMTP provider restricts the number of recipients I can send to.

--
John Doe

--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk