linux-hardened

Minimal supplement to upstream Kernel Self Protection Project changes. Features already provided by SELinux + Yama and archs other than multiarch arm64 / x86_64 aren't in scope. Only tags have stable history. Shared IRC channel with KSPP: irc.libera.chat #linux-hardening (by anthraxx)

Linux-hardened Alternatives

Similar projects and alternatives to linux-hardened

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a better linux-hardened alternative or higher similarity.

linux-hardened reviews and mentions

Posts with mentions or reviews of linux-hardened. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2023-06-06.
  • Question about immutability
    8 projects | /r/linuxquestions | 6 Jun 2023
    Glossing over their hardening guide, we notice that the kernel-hardened package is mentioned. This is a fork of what once was the kernel of GrapheneOS. While this hardened kernel can be used on a variety of distros, unfortunately this doesn't apply to Fedora Silverblue. Furthermore, I haven't seen any mention of the hardened kernel being used on openSUSE Tumbleweed. Therefore I see no reason to believe that this is possible on openSUSE Aeon either. Though, I'd love to be corrected on this!
  • How to obtain hardened kernel?
    2 projects | /r/debian | 21 Apr 2023
  • Let's Play with the Linux Kernel
    2 projects | dev.to | 8 Dec 2022
    Here is the source code for the hardened Linux kernel.
  • Deploying Firecracker VMs
    5 projects | dev.to | 5 Oct 2022
    so that we can use it liberally in CLI) > **Additionally, here's a 'building from the source section** - https://github.com/firecracker-microvm/firecracker/blob/main/docs/getting-started.md#building-from-source ### Running Firecracker > "*In production, Firecracker is designed to be run securely, inside an execution jail, carefully set up by the jailer binary. This is how our integration test suite does it. However, if you just want to see Firecracker booting up a guest Linux machine, you can do that as well.*" 1. We need to first obtain an "uncompressed Linux kernel binary, and an ext4 file system image (to use as rootfs)" ; great, these are two things that we need to seek out before we move forward in our 'adventure' (*this really feels like a "quest" of some sort, like the ones that they forced you to play on Runescape back in the days*) **How to Decompress Linux Kernel** (explicit instructions to be honest here) - https://0xax.gitbooks.io/linux-insides/content/Booting/linux-bootstrap-5.html **Linux-Hardened Kernel** - https://github.com/anthraxx/linux-hardened (this is something that they're all still actively working on at this very point in time) They also say that we need an 'ext4 file system image' (where do we obtain this from?) - found it **Full Guide on How to Create an EXT4 filesystem image here** -https://fabianlee.org/2020/01/13/linux-mounting-a-loopback-ext4-xfs-filesystem-to-isolate-or-enforce-storage-limits/ Assuming that the above has been handled, the directions insist that we create two separate shell prompts, (one to run Firecracker, and another one to control it [by writing to the API socket]; both shells have to run "in the same directory where the firecracker binary was placed") ^^ What? - This is a pain in the ass because this is something that they should've mentioned earlier (obv. everyone is going to move a binary where the rest of their binaries go ; and you're not going to just load up some random project to be used in that manner) - Not even sure what the end goal of opening up an API socket here would really be But fuck it, let's just assume that we play ball and we adhere to all of these (additional) steps that we're being put through (just for the setup up this virtualization tool!). ### Following Through on the Next Steps 1. Ensuring that Firecracker can create its own API ``` bash rm -f /tmp/firecracker.socket
  • The flashing screen bug seems to be fixed with the 5.19.13 kernel
    3 projects | /r/archlinux | 4 Oct 2022
    Officially supported kernels Community support on forum and bug reporting is available for officially supported kernels. Stable — Vanilla Linux kernel and modules, with a few patches applied. https://www.kernel.org/ || linux Hardened — A security-focused Linux kernel applying a set of hardening patches to mitigate kernel and userspace exploits. It also enables more upstream kernel hardening features than linux. https://github.com/anthraxx/linux-hardened || linux-hardened Longterm — Long-term support (LTS) Linux kernel and modules. https://www.kernel.org/ || linux-lts Zen Kernel — Result of a collaborative effort of kernel hackers to provide the best Linux kernel possible for everyday systems. Some more details can be found on https://liquorix.net (which provides kernel binaries based on Zen for Debian). https://github.com/zen-kernel/zen-kernel || linux-zen
  • windows kernel patch guard-like for linux ?
    3 projects | /r/linuxquestions | 16 Feb 2022
    Those two don't protect the kernel itself from "misuse". To do that, there are ways like kernel hardening 3, using hardened kernel 4 5.
  • Is Arch dangerously out of date?
    3 projects | /r/archlinux | 2 Feb 2022
    You can find the repository here: https://github.com/anthraxx/linux-hardened/ And IRC channel is #linux-hardening on libera.
    3 projects | /r/archlinux | 2 Feb 2022
  • Linux-hardened kernel on Pop OS?
    2 projects | /r/PrivacyGuides | 26 Nov 2021
    So, I recently discovered linux-hardened, a kernel that is tweaked for extreme security. I would like to use it on my second machine that runs Pop OS (Ubuntu-based)
    2 projects | /r/PrivacyGuides | 26 Nov 2021
    The instructions are located at https://github.com/anthraxx/linux-hardened/blob/master/Documentation/admin-guide/README.rst
  • A note from our sponsor - WorkOS
    workos.com | 29 Mar 2024
    The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning. Learn more →

Stats

Basic linux-hardened repo stats
16
526
0.0
23 days ago
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com