hardened linux versions

[elovkoff]

I plan to intall LaBrea on the linux machine exposed directly to the internet. Are there any linux pre-hardened versions that I can download?

P.S> Trinux is not really easy to manage so look for something else...

thx

[Schotty]

Well, there's the NSA kernel that is available. Bastille is pretty hardened. And you can't forget OpenBSD and FreeBSD.

[elovkoff]

1. What is NSA kernel?
2. Bastille script hardens the existing installation, but I'm looking for simething right 'out-of-the-box'
3. The whole idea is to have this host completely open, yet as hardened as possible. (no firewalls, nothing, all ports are opened-this will be used for sticky honeypot, which is LaBrea in fact).

[redhead]

[quote author=elovkoff link=board=1;threadid=3661;start=0#37139 date=1023477494]
1. What is NSA kernel?
[/quote]
http://www.nsa.gov/selinux/
[

[stryder144]

[quote author=elovkoff link=board=1;threadid=3661;start=0#37139 date=1023477494]
1. What is NSA kernel?
2. Bastille script hardens the existing installation, but I'm looking for simething right 'out-of-the-box'
3. The whole idea is to have this host completely open, yet as hardened as possible. (no firewalls, nothing, all ports are opened-this will be used for sticky honeypot, which is LaBrea in fact).
[/quote]

I take it your trying to catch people, yet still keep your system up and running? It sounds like a sting operation. Cool.

[Schotty]

Honeypots are supposed to do that -- lure hackers in. Great way at finding out who is after you. Read a good article on this at SecurityFocus.

[airhead]

Got a link? I'm interested.

[Ashcrow]

Try LIDS (http://www.lids.org) instead of the NSA kernel. As for pre hardened Linux versions you can check out engaurd or in the future Darkfire (shameless plug).

[pbharris]

i would like to try the motorola/HP HA kernel - tyhey are using it to get 6nines availability (up time of 99.9999 % of the time). right now it mainly is used on powerPC (MP860) for telecom infrastruture - e.g. cell phone base stations.