|Description||Hardened Gentoo is a project which oversees the research, implementation, and maintenance of security oriented projects for Gentoo Linux.|
|IRC channel||#gentoo-hardened (webchat)|
Last elected: 2019-04-22
(and inherited member(s))
Grsecurity and PaX is no longer officially supported!
Hardened Gentoo's purpose is to make Gentoo viable for highly secure, high stability production server environments. This project is not a standalone project separated from the rest of Gentoo. Instead, it is intended to be a team of Gentoo developers who are focused on delivering solutions to Gentoo that provide strong security and stability. These solutions will be available in Gentoo once they've been tested for security and stability by the Hardened team.
The Gentoo Hardened project offers many resources:
|Introduction to Hardened Gentoo||Overview of the various technologies researched and supported through the Gentoo Hardened project|
|Introduction to PIC||Introduction to Position Independent Code|
|Hardened Gentoo Frequently Asked Questions||Frequently Asked Questions for the Gentoo Hardened project|
|Hardened Debugging||Debugging applications built with PIC/PIE|
|Hardened Toolchain||Technical description of the Hardened Toolchain|
|GNU Stack Quickstart||Introduction to GNU stack handling|
|TEXTRELs Guide||How to find and fix text relocations|
|No longer supported|
|PaX Quickstart Guide||How to use PaX|
|PaX Flag migration from PT_PAX to XATTR_PAX||How to migrate the ELF based PaX flags to the extended attribute based flags|
|Grsecurity2 Quickstart Guide||What are the grsecurity features and how to enable them on a Gentoo Linux system|
|Grsecurity TPE Guide||Grsecurity Trusted Path Execution guide|
|PaX Utilities||Overview of the PaX utilities|
|Capabilities Listing||List of POSIX capabilities|
|PIC Internals||Position Independent Code Internals|
Don't forget to take a look at the resources of the subprojects too:
Contributors and Hall of Fame
The following people are or have been actively contributing to the project.
|Chris Richards||gizmo||Policy development, support (SELinux)||No|
|Chris PeBenito||pebenito||Previous SELinux project lead, policy development and SELinux support||No|
|Sven Vermeulen||SwifT||Previous SELinux project lead, policy development and SELinux support||No|
To participate in the Hardened Gentoo project first join the mailing list at email@example.com. Next, ask if there are plans to support something that you are interested in, propose a new subproject that you are interested in, choose one of the planned subprojects to work on or simply ask if you can help with something. You can also talk to the developers and users in the IRC channel #gentoo-hardened (webchat) on Libera.Chat for more information, or just to chat about the project or any subprojects.
If you think you don't have the knowledge or abilities to help, then try reading the current documents (there are always sections that can be improved or typos which we miss) and when you feel brave enough then try writing those documents you missed. Usually this only requires some internet research on your side and after some documents you'll most probably be able to help with other things you thought you weren't able to help with before.
Also, if you don't have time to actively help by contributing work, we will always need testers to maintain the security and stability of the overall product. All development, testing, productive comments, and feedback will be greatly appreciated.