On Tuesday 04 Jul 2017 05:20:41 Ian Bloss wrote:
> You should use the hardened profile with the hardened sources. On terms with
> security you could compile a hardened kernel but you sacrifice ease of
> use by having to manage PaX and if you choose an RBAC system like SELinux
> or grsecurity's adds more burden.
> 
> Security isn't a product, so I would recommend sticking with regular
> profile with stable packages, and be mindful of what you have opened up to
> the internet. I would also recommend just reading up on Linux security in
> general to understand what you're trying to make yourself more secure to.

I second that last point. I looked into hardened Gentoo some years ago and 
came to the conclusion that it wasn't worth all the extra trouble. My 
impression (though I could easily be wrong) is that hardening is intended 
more for protection against local threats, like someone else sitting in your 
seat, than anything coming in over the wires.

In the end I just used the stable sources with a decent firewall: shorewall, 
in fact. If your network setup isn't too unusual, you can use one of their 
standard sets of configuration files.

That's my two-penn'orth, anyway.

-- 
Regards
Peter

