Wendzel Linux 1.0.3 review
Wendzel Linux is a hardened and minimalized version of Slackware Linux.
Wendzel Linux includes a grsec hardened kernel, hardened versions of Slackware packages, and userspace hardening.
Here are some key features of "Wendzel Linux":
BASE SYSTEM
No default open remote ports (except SSH)
Lots of default groups and users removed.
Heavily restricted file system permissions (especially for SUID/SGID binaries, sticky bits and so on).
Improved login configuration
Minimalized! (ISO image size is only 190MB!)
TODO: Recompile tools with -fPIC/-fPIE/-pie
PACKAGE SYSTEM
Comes only with packages needed by a firewall, router, bastion host or security system.
Includes hardened versions of many packages and has its own package download website and security update site.
Yes, you can use all the Slackware packages too, if you want. If you want KDE+KDevelop, just install the Slackware packages.
Additional packages (only a few at the moment): hardened kernel with grsec ("kernel-sec") and gradm
KERNEL
Includes the grsecurity patch configured in 'custom' security mode. This includes:
legacy ELF header marking
ELF program header marking
Enforce non-executable pages
Address Space Layout Randomization
RBAC
/proc restrictions
linking restrictions
FIFO restrictions
chroot jail restrictions
Different Logging Options (chdir(), exec() within chroot(), ...)
Enforce RLIMIT_NPROC on exec()
Removal of unused shared memory
Random PIDs
Random TCP source ports
ADDITIONAL FEATURES
Includes the popular 'Webmin' web interface for easy administration
TODO: It comes with a default running individual intrusion detection system based on shell scripts.