Date: Thu, 13 May 1999 16:05:35 -0400
From: "J. Lasser" <jon@lasser.org>
To: security-audit@ferret.lmh.ox.ac.uk
Subject: Secure Linux Distribution project

This is a pre-pre announcement, just a note to see who else is doing similar things, who would be interested in helping, &c. Nothing in this e-mail is to be considered as written in stone, and some of it may be my complete and utter misinterpretation of what's going on.

Last year and into this past January, I developed a (very modestly) more secure (and heavily customized for our environment) Linux distribution based very closely on Red Hat 5.2.

At the SANS conference here in Baltimore this week, SANS has decided to do a similar project; currently it looks like I'm at the helm. (Ack! Authority!) They are quite interested in adding a secure Linux track to their December conference in San Francisco, but I assume that's still up in the air. They want a distribution done by then.

The main target for the distribution is universities and educational institutions. To my mind, however, this doesn't preclude general usefulness, it just means a small number of additional tools to customize CD/net installs for specific places. (I think that a front-end for Red Hat's Kickstart would be a good way of doing this, though a couple of other pieces may be necessary.)

It looks like the distribution will be based, at least initially, on Red Hat for several reasons:

1. It's the most common distribution; we want people to want to use it, so we have to be like what they want to use.

2. The packaging format is good (does one critical thing which Debian packages don't and which we need: multiple patches per package) though not perfect. (Nothing is, though.)

3. The install process is GPL'ed, so we can muck around with it to our heart's content. (The SuSE installer is NOT, AFAIK, and doesn't even seem to qualify as open source, according to what I've heard.)

4. I've mucked with the installer before in some ways, so I'm at least a little comfortable with it. :-)

5. It's reliably multi-platform. While x86 is our primary target, it's certainly not our only target.

Right now, I'm looking for a few things:

1. A list of other folks who've secured Linux distributions in the past and would be interested in unifying their work with others. It seems that most folk who have done this (myself included) did a lot of installation-specific stuff that could likely be generalized to some extent.

2. A list of other similar projects we should be corresponding with. Also, sites with information on how to do this are good too.

3. Anyone who wants to be on our mailing list (not yet created, but will be soon.)

4. Anyone who would like a leadership role in the project. PLEASE don't say you do unless you're really serious about it -- we've got a rather tight timeline and I don't want to mess around.

5. General comments, pointers, and advice are always welcome.

6. Anyone with lots of experience with the Red Hat installer. :-)

7. Anyone who'd like (okay, like's a pretty strong word) to maintain some web pages for this.

Ideally, of course, I'd like our work to be folded back into Red Hat; however, that is a secondary goal. I also would like to try and track whatever applicable standards we're able to deal with.

This is only a pre-pre-announce, as I noted above, because I'm not yet sure what infrastructure we've got or will need. Besides, I don't want to announce what we've got until we've at least got some mailing lists to work with.

Thanks for any and all help/interest.

Jon Lasser

--
Jon Lasser (410)383-7962
http://www.tux.org/~lasser/
Work: jon@umbc.edu
Home: jon@lasser.org
"The more you drive, the less intelligent you get."
-- Repo Man