![[LWN Logo]](/images/lwn.banner.gif)
Date: Thu, 13 May 1999 16:05:35 -0400
From: "J. Lasser" <jon@lasser.org>
To: security-audit@ferret.lmh.ox.ac.uk
Subject: Secure Linux Distribution project
--iBwuxWUsK/REspAd
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
This is a pre-pre announcement, just a note to see who else is doing
similar things, who would be interested in helping, &c. Nothing in this
e-mail is to be considered as written in stone, and some of it may be my
complete and utter misinterpretation of what's going on.
Last year and into this past January, I developed a (very modestly) more
secure (and heavily customized for our environment) Linux distribution
based very closely on Red Hat 5.2.
At the SANS conference here in Baltimore this week, SANS has decided to
do a similar project; currently it looks like I'm at the helm. (Ack!
Authority!) They are quite interested in adding a secure Linux track to
their December conference in San Francisco, but I assume that's still up
in the air. They want a distribution done by then.
The main target for the distribution is universities and educational
institutions. To my mind, however, this doesn't preclude general
usefulness, it just means a small number of additional tools to
customize CD/net installs for specific places. (I think that a front-end
for Red Hat's Kickstart would be a good way of doing this, though a
couple of other pieces may be necessary.)
It looks like the distribution will be based, at least initially, on Red
Hat for several reasons:
1. It's the most common distribution; we want people to want to use
it, so we have to be like what they want to use.
2. The packaging format is good (does one critical thing which
Debian packages don't and which we need: multiple patches per
package) though not perfect. (Nothing is, though.)
3. The install process is GPL'ed, so we can muck around with it
to our heart's content. (The SuSE installer is NOT, AFAIK, and
doesn't even seem to qualify as open source, according to what
I've heard.)
4. I've mucked with the installer before in some ways, so I'm at
least a little comfortable with it. :-)
5. It's reliably multi-platform. While x86 is our primary target,
it's certainly not our only target.
Right now, I'm looking for a few things:
1. A list of other folks who've secured Linux distributions in the
past and would be interested in unifying their work with others.
It seems that most folk who have done this (myself included) did
a lot of installation-specific stuff that could likely be
generalized to some extent.
2. A list of other similar projects we should be corresponding
with. Also, sites with information on how to do this are good
too.
3. Anyone who wants to be on our mailing list (not yet created,
but will be soon.)
4. Anyone who would like a leadership role in the project. PLEASE
don't say you do unless you're really serious about it -- we've
got a rather tight timeline and I don't want to mess around.
5. General comments, pointers, and advice are always welcome.
6. Anyone with lots of experience with the Red Hat installer. :-)
7. Anyone who'd like (okay, like's a pretty strong word) to
maintain some web pages for this.
Ideally, of course, I'd like our work to be folded back into Red Hat;
however, that is a secondary goal. I also would like to try and track
whatever applicable standards we're able to deal with.
This is only a pre-pre-announce, as I noted above, because I'm not yet
sure what infrastructure we've got or will need. Besides, I don't want
to announce what we've got until we've at least got some mailing lists
to work with.
Thanks for any and all help/interest.
Jon Lasser
--=20
Jon Lasser (410)383-7962 http://www.tux.org/~lasser/
Work: jon@umbc.edu Home: jon@lasser.org
"The more you drive, the less intelligent you get." -- Repo Man
--iBwuxWUsK/REspAd
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
iQCVAwUBNzswjysJJQQiCQ0lAQH//gQAqzcLO/Dd8Bv5iCWX+Dhz5Wrcx3gkQEpy
qOePp0gzYilBrFvr1gKcgP1XO1N2jLqClQpQd8VUMo1i1+Gwb11Bdd3JT7gdhy6e
R+9abHKaHlM/ZHItnwWFwQdjrVe6QByhmgubyGZAAbYLGv3D2pMLX9s52Fpx4R3x
18oF2l3lx6g=
=HwJ7
-----END PGP SIGNATURE-----
--iBwuxWUsK/REspAd--