Wendzel Linux 1.0.3 review

Wendzel Linux is a hardened and minimalized version of Slackware Linux. Wendzel Linux includes a grsec hardened kernel, hardened v

License: GPL (GNU General Public License) File size: 0K Developer: Steffen Wendzel

0

Wendzel Linux is a hardened and minimalized version of Slackware Linux.

Wendzel Linux includes a grsec hardened kernel, hardened versions of Slackware packages, and userspace hardening.

Here are some key features of "Wendzel Linux":
BASE SYSTEM
No default open remote ports (except SSH)
Lot's of removed default groups+users.
Heavily restricted file system permissions (specially for SUID/GUID binarys, sticky bits and so on).
improved login configuration
Minimalized! (ISO image size is only 190MB!)
TODO: Recompile tools with -fPIC/-fPIE/-pie

PACKAGE SYSTEM
Comes only with packages needed by a firewall, router, bastion host or security system.
Includes hardened versions of many packages an has it's own package download website and security update-site.
Yes, you can use all the slackware packages too, if you want. If you want KDE+Kdevelop, just install the slackware packages.
Additional packages (only a few at the moment): hardened kernel with grsec ("kernel-sec") and gradm

KERNEL
Includes the grsecurity patch configured in 'custom' mode security. This includes:
legacy ELF header marking
ELF program header marking
Enfoce Non-executable pages
Address Space Layout Randomization

RBAC
/proc restrictions
linking restrictions
FIFO restrictions
chroot jail restrictions
Different Logging Options (chdir(), exec() within chroot(), ...)
Enforce RLIMIT_NPROC on exec()
Unused Shared Memory removement
Random PIDs
Random TCP source ports

ADDITIONAL FEATURES
Includes the popular 'webmin' webinterface for easy administration
TODO: It comes with a default running individual intrusion detection system based on shell scripts.