I am too lazy to research it and still wondering. Can someone give me a basic explanation of it?
I am too lazy to research it and still wondering.
The arch wiki wrote about linux-hardened. You can repeat what they say like a machine.
You cannot trust us doing researches for you.
i like to see questions like this when it’s something i’ve never heard about (new to linux), and then come and read an eli5. it’s an easy way for us noobs to collect information and there are always people who enjoy explaining this stuff.
Their words shows that they purely depend on people to quote information for them and they are not going to do researches.
My question would be “how do hardening kargs differ from a hardened kernel”?
Kargs can be dynamically applied and work easily on immutable distros. Tbh a monolithic unhardened kernel is my biggest problem with immutable Distros, as changing that is quite drastic.
Basically, you want to improve the security of Linux, by reducing the attack surface and adding authentication wherever possible? There’s a bunch of practices involved - using a custom hardened kernel focused on security, as well as enabling strong firewall config and disk encryption. I’ve never tried hardening before, so I don’t know if I’m missing anything.
Honestly, you could use OpenBSD here, as it comes hardened out of the box, and it seems be the preferred choice for a security-first computing. But if platform is a constraint, then you may try your luck with
linux-hardened.https://isopenbsdsecu.re/
I don’t think much changed since then, but would love to be proven wrong.+1, but OpenBSD can enforce security (Linux have landlock, *san, ACL, MAC but cannot enforce them, while OpenBSD doesn’t but can enforce pledge and unveil and even for some ports like chromium and firefox)
https://madaidans-insecurities.github.io/
But see Chimera Linux.
I heard of Chimera multiple times now, but everytime I look into it it doesn’t seem to be more interesting and useful than say Alpine.
Do you have any write-ups about the security advantages of Chimera Linux?I mean Chimera is using FreeBSD userland, and they expressed why GNU coreutils used by most distro have “problem”. Since we are talking about BSD. (OpenBSD’s userland is less in feature and it is cleaner)
(so that’s bring an advantage in security lol)
While coreutils may seem lightweight enough to not cause any issues already, there are some specific reasons the system uses a BSD-derived userland. The primary one is probably that the code of the BSD versions is overall much cleaner and easier to read. There are no cursed components such as gnulib, the codebase is leaner, and more aligned with the project’s goals.
Forgot to link a comment on that website: https://marc.info/?l=openbsd-misc&m=158908598913596&w=2
