Darren et al,

FYI. Just last night, I finished building a security hardened version of JeOS [OpenSolaris 2009.06] (for my own purposes) that implements:

1. CIS OpenSolaris security hardening recommendations
   http://blogs.sun.com/gbrunett/entry/free_security_hardened_virtual_machine
2. Encrypted swap
   http://blogs.sun.com/gbrunett/entry/encrypted_swap_in_opensolaris_2009
3. Encrypted scratch space
   http://blogs.sun.com/gbrunett/entry/encrypted_scratch_space_in_opensolaris
4. Solaris auditing (basic configuration - lo,ad,ex (+argv))
5. Solaris IP Filter (basic configuration - DHCP+SSH only in, all out)

I am looking into the feasibility of using configurations such as this (JeOS or not) as base images for targeted "stacks" such as AMP, Drupal, Hadoop, MediaWiki, etc.

g

On 6/16/09 8:53 AM, Darren J Moffat wrote:
> There is a security/hardening aspect to this project proposal so
> security-discuss members might be interested as well.
>
> -------- Original Message --------
> Subject: [appliances-discuss] Project Proposal: JeOS
> Date: Mon, 08 Jun 2009 10:47:26 -0500
> From: Christopher Kampmeier <Christopher.Kampmeier at Sun.COM>
> To: appliances-discuss at opensolaris.org, install-discuss at opensolaris.org
> CC: Glenn Brunette <Glenn.Brunette at Sun.COM>, Sujeet Vasudevan
> <Sujeet.Vasudevan at Sun.COM>
>
> Leaders of Installation and Packaging and Appliances Communities,
>
> This message is to request your sponsorship for the establishment of a
> "JeOS" or "Just enough Operating System" project as part of the
> OpenSolaris Installation and Packaging community.
>
> Although we've discussed this project with Dave Miner and have his
> sponsorship support, we'd also like to hear from the other leaders and
> members of these communities.
>
> Please review and respond to this request by end of Thursday this week.
>
> Once we have more sponsorship feedback, we'll ask Dave to trigger the
> project setup request.
>
> Thanks,
> Chris Kampmeier
>
>
> Background
> ==========
> If you are not familiar with JeOS, see:
>
> http://en.wikipedia.org/wiki/Just_enough_operating_system
>
> To get the ball rolling in this project we will be publishing a
> prototype form of an OpenSolaris 2008.11 JeOS this week. This new
> project will begin shaping a 2009.06 iteration of JeOS prototype that is
> in its early stage of definition.
>
> Project Description
> ===================
> Focuses on the definition and delivery of reduced forms of OpenSolaris
> for headless server, small system and hardware appliances deployments
> using both virtual machine (VM) image and bare metal installation
> techniques.
>
> Scope
> =====
> * Provide an anchor for discussions and RFEs concerning OpenSolaris JeOS
> capabilities.
>
> * Define OpenSolaris profiles and associated meta-packages geared to
> reduced sized installations.
>
> * Deliver ready-to-use, developer quality OpenSolaris JeOS VM images for
> popular v12n platforms and aligned with named OpenSolaris releases.
>
> * Work with the OpenSolaris program to plan for the productization of
> JeOS images and JeOS install techniques.
> ** Help integrate building of JeOS images into standard OpenSolaris
> build process.
> ** Help drive scoping of testing required for production supported JeOS
> images.
>
> * Define out-of-the-box experience for the JeOS images.
>
> * Ensure standard security hardening techniques are applied to JeOS images.
>
> * Provide input into other efforts to ensure OpenSolaris properly
> integrates on various system virtualization and cloud platforms.
>
> * Complement various forms of establishing OpenSolaris JeOS
> installations such as Automated Installer and Distro and VM Constructor
> by providing JeOS-oriented input to them on requirements, install
> profiles, meta-packages, etc.
>
> Initial Contributors
> ====================
> * Rudolf Kutina
> * Gabor Puhalla
> * Chris Kampmeier
> * Kohsuke Kawaguchi
>
> _______________________________________________
> appliances-discuss mailing list
> appliances-discuss at opensolaris.org
> http://mail.opensolaris.org/mailman/listinfo/appliances-discuss
>
