Secure by design...

Talk here about security in general. Posting illegals software is prohibited. All stuffs in this forum must be considered as for "Educational purpose only".
Post Reply
fullmoonremix

Secure by design...

Post#1 by fullmoonremix » 16 Mar 2016, 11:52

Salutations... :good:

When a firewall (defaulted to "OFF"...???) is just NOT enough... :wall:
So... viewtopic.php?f=53&t=5557&p=43228&hilit ... pia#p43228

I thought it would be a good idea to expand the "firewall" (intrusion?) dialogue.
Reflections from the community... are encouraged.

IMHO... :oops: nanokernels... kernel patches... traffic filtering... and authentication are valuable assets for any "secure" OS or any OS for that matter.
By default they should be in place and NOT merely an option to be installed or activated by the user (see... Hardened Gentoo ).

Also see... Adaptive Domain Environment for Operating Systems
(... kernel patching is above my level of the food chain @ least for now. So... those that are able and motivated please share your experience w/ Adeos on Porteus)

Best Regards... :beer:

Posted by 73.150.85.78 via http://webwarper.net
This is added while posting a message to avoid misusing the service
Last edited by fullmoonremix on 01 Apr 2016, 13:42, edited 3 times in total.

User avatar
brokenman
Site Admin
Site Admin
Posts: 5460
Joined: 27 Dec 2010, 03:50
Distribution: Porteus v3.2rcX all desktops
Location: Brazil
Contact:

Re: Access Control...

Post#2 by brokenman » 22 Mar 2016, 00:34

By default they should be in place and NOT merely an option to be installed or activated by the user (see... Hardened Gentoo ).
Isn't it just a little ironic that Gentoo has its main version and then a side version called 'Hardened Gentoo'. It seems the default is non hardened, but those that want security as a priority can 'opt in' for a hardened version. I am also a Gentoo user.

Kernel patches are no problem for me. If you can point me to them I can review them. However I can't recommend adeos ... a project that hasn't moved in over 12 years.
How do i become super user?
Wear your underpants on the outside and put on a cape.

fullmoonremix

Re: Access Control...

Post#3 by fullmoonremix » 22 Mar 2016, 16:53

Salutations... :good:

As is the nature of all things... (opt in/out) "damned if you do... damned if you don't"... :wall:

The Adeos url is inactive NOT the project which is why GNU still hosts it.
http://download.gna.org/adeos/patches/v3.x/x86/

Adeos is less esoteric than Hurd so in probability easier to implement because it involves patching instead of replacement.

Grsecurity is a good starting point if the Adeos nano kernel is too gnarly for you. In any case... the Adeos proof of concept
(is the same as MINIX which was used to develop and influence the Linux kernel) is brilliant as is also GNU Hurd which has an Arch version.

I look forward to your review. (Perhaps?)... :unknown: these projects might be a good fit (even if only as a derivative).
The "buzz" phrase "self healing" promoted in today's IT news media (to sell products) is simply... Fault tolerance .

These projects address this issue. To me IT defense is analogous to boxing... :x "you're gonna get hit... you might get hurt... you may even get knocked down". The question is... will you get knocked out?

Best Regards... :beer:

Posted by 73.150.85.78 via http://webwarper.net
This is added while posting a message to avoid misusing the service

User avatar
brokenman
Site Admin
Site Admin
Posts: 5460
Joined: 27 Dec 2010, 03:50
Distribution: Porteus v3.2rcX all desktops
Location: Brazil
Contact:

Re: Secure by design...

Post#4 by brokenman » 24 Apr 2016, 19:36

The Adeos url is inactive NOT the project which is why GNU still hosts it.
http://download.gna.org/adeos/patches/v3.x/x86/
I think I've said this before, but these kernel patches are over a year old. The latest stable kernel (as of today) is 4.5.2. The Adeos patches at this URL only go up to v3.x. Running such an old kernel is in and of itself a security concern. Is there any other URL for maintained and current patches?
How do i become super user?
Wear your underpants on the outside and put on a cape.

fullmoonremix

Re: Secure by design...

Post#5 by fullmoonremix » 25 Apr 2016, 01:36

Salutations... :good:

ipipe core 3.18 appears to be the "ADEOS" revision/release number.
Linux kernel 3x released was years ago... what was posted was last spring which appears to relate to the ADEOS release cycle .

Some projects have cycles that are longer than 1 year.
Sometimes a project site is unmaintained but the project is still hosted (eg. sourceforge "mob branch") and receiving commits.

Unlike the grsecurity site... that ftp link does not appear to specify the corresponding kernel #. :unknown:
I'll attempt to find documentation confirming the kernel requirements. It's likely included with the patch.

"Best Regards"... :beer:
Last edited by fullmoonremix on 26 Apr 2016, 13:50, edited 5 times in total.

fullmoonremix

Re: Secure by design...

Post#6 by fullmoonremix » 25 Apr 2016, 11:01

Salutations... :good:

Hmmm... :evil: it's getting warmer? Maybe... the numbers do coincide. The Xenomai ftp site lists "4.1.18" (04/24/16).
The Xenomai project (ADEOS + PREEMPT_RT) currently maintains the ADEOS patches (see... http://xenomai.org/downloads/ipipe/v4.x/x86/ )

If that is the best they've got I'll take it. If it breaks... oh well. Because "nothing beats a fail like a try".
This only means the resulting derivative instead of beta will be alpha (< "production"... but > "proof of concept").

Consider this... as this project's maintainer if you reach out to Xenomai...
you will have more credibility (clout?) than the average end user.

Pls Note: This is not always the case. I successfully reached out to Bill Spitzak (FLTK) and Studioware. However... that is the exception that proves the rule.
In any case... the way I see things (if successful) this derivative could be the next "Nemesis". This could start out as a derivative and end up as a deprecation of the default.

"Best Regards"... :beer:

fullmoonremix

Re: Secure by design...

Post#7 by fullmoonremix » 28 Apr 2016, 19:37

Salutations... :good:

If I come across any more info I'll pass it on.

"Best Regards"... :beer:

Post Reply