Brian Davis <bridavis <at> comcast.net> writes:

> Can one convert a non-hardened machine to use the hardened profile, or 
> do you have to start from scratch?


Hello Brian,

The short answer is YES. The correct answer is you have to 
read quite a lot (I'm in the middle of that) and decide
which 'path/technology' you want to follow. Here are the docs
you should start looking at:

http://www.gentoo.org/proj/en/hardened/primer.xml
http://www.gentoo.org/proj/en/hardened/

I choose 'SELinux' as the path to follow for me
that makes most sense. Since the NSA was the prime
motivator, it's an easy path to convince my clients
to follow. Although SELinux is not a complete
solution, other complementary software combined with 
SELinux does provide for a complete (security) solution,
almost.....


http://www.gentoo.org/proj/en/hardened/selinux/
http://www.gentoo.org/proj/en/hardened/selinux/selinux-handbook.xml
http://www.gentoo.org/proj/en/hardened/selinux/selinux-handbook.xml?part=2

hth,
James



-- 
[email protected] mailing list
