hat hier irgendwer schonmal Erfahrungen mit o.g. Distribution (http://www.openna.com/) gemacht? Klingt nämlich ganz gut:
- All components of the operating system are protected against the
exploitation of buffer overflow vulnerabilities in process stacks.
- All permission files and directories have been reviewed and improved for
- All configuration files and software have been rewritten & rebuild with
high security in mind.
- The Grsecurity kernel patch with most of the entire security features that
it provides has been implemented into the kernel.
> Some of those features are:
. ACL system features
. Chroot restrictions
. Address space modification protection (PaX)
. Auditing features on (Chdir, Mount, unmount, IPC, Signal, fork, Time)
. Randomization features on (PIDs, IP IDs, TCP, RPC XIDs)
. /proc restrictions that don't leak information about process owners
. Symlink/hardlink restrictions to prevent /tmp races
. FIFO restrictions
. Dmesg(8) restriction
. Enhanced implementation of Trusted Path Execution
. GID-based socket restrictions
. Alerts and audits support to logs the IP of the attacker
. Stream connections across unix domain sockets carry the attacker's IP
- Most of all services available in different type of server installation
have been made to run in chroot jail environment mode.
- Most SUID/SGID binaries have been rebuilt with less privilege. Some
SUID/SGID modes have been completely removed without scarifying on the
functionality of the program.
- All /proc networking features have been fine tuned for the best security
- Complete, powerful and highly secure firewall implementation with
GIPTables has been redesigned for each type of server installation.
- Very clean, secure, fast, complete and small in size operating system.