Search Mailing List Archives

Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Hardened Debian Security Focused Distribution - Feedback Wanted!

TNT BOM BOM bo0od at
Thu Sep 27 00:10:00 PDT 2018

=== scope ===

* will be initially released for VMs (VirtualBox, Qubes, maybe KVM)
* “sudo apt-get install hardened-debian-cli” will be possible on bare
metal Debian hosts, in other words installations of Debian can be easily
converted into Hardened Debian by installing the hardened-debian-cli or
other hardened debian package
* maybe later available as ISO for installation on hardware depending on
community interest and support

=== hardening by default in Hardened Debian version 1 ===

* install haveged by default for better entropy
* sdwdate ( rather than insecure NTP
* security-misc ( - (deactivates
previews in Dolphin; deactivates previews
in Nautilus; deactivates TCP timestamps; deactivates Netfilter’s
connection tracking helper;)
* open-link-confirmation
* enable apparmor by default
* available apparmor profiles
* hopefully spectre / meltdown resistant by default

=== hardening by default in Hardened Debian version 2 ===

* hardened browser (
Tor Browser without Tor)

=== hardening by default in Hardened Debian version 3 ===

* better kernel version

=== usability by default ===

* 2
* 2

=== desktop environment ===

- initially will be available most likely for:

* CLI only (console only, no desktop environment)

- Later on likely for:


=== vision ===

* computer security community is larger than computer anonymity
community - we can work on a shared interest that is security
* we apply as many security settings by default
* we apply as much as default from
* Hardened Debian will be the base for Whonix - Anonymous Operating
System ( Whonix is
applying most of above already anyhow)

=== development status of version 1 ===

* approximately 50% done
* meta package "hardened-debian-kde" and "hardened-debian-cli" exist -
* most packages working (since reused from Whonix)
* build script ready (--flavor hardened-debian-kde / --hardened-debian-cli)
* builds successfully

=== temporary homepage ===

=== Questions ===

* Are you interested in Hardened Debian? What do you think? What would
you like to see? Any suggestions?

More information about the liberationtech mailing list