TrustedDebian
出自DebianWiki
Trusted Debian 是以 Debian 為基礎的附加套件軟體。用戶藉由新增 apt resource 可安裝額外或加強的資訊安全加強軟體,像是 虛擬私有網路、防火牆、磁碟加密等。並可防範普遍的網路攻擊手法,病毒掃描,提昇至軍用安全等級,也可用來作為無線網路基地台。
因為debian 是個商標 ; 經過社群投票後 , Trusted Debian 正式命名為 Adamantix !
目的
Adamantix 致力於成為高度安全性而且好用的 Linux 分支版本.高度安全性的 Linux 應該整個系統從底層重新設計.
保護機制 對抗 溢位攻擊
Adamantix v1.0 (known as Trusted Debian v1.0 back then) was the first Linux distribution to integrate support for PaX and SSP (Stack Smashing Protector, aka. Propolice). PaX is a kernel patch which protects against a number of buffer overflows and other memory corruption attacks. SSP is a GCC patch which provides protection of the stack, which makes stack overflows harder to exploit.
先進式存取控制
Currently work is going on to integrate RSBAC support in Adamantix. RSBAC is a kernel patch which provides a flexible and extensible security framework. This framework is very powerful and can be used to implement almost any security feature. A number of modules which use this framework have been implemented on top of it, such as:
* An improved chroot (jail) module * On-access virus scanning module * Linux capabilities management module * Linux resource management module * User ID changing management module * Role based access module * Access Control Lists (ACLs) module * And others.
All these modules can be combined to form a whole which is greater than the sum of the individual modules. In the future the number of modules is likely to grow, including modules for gr-security RBAC and SELinux, to provide backwards compatibility for legacy systems. RSBAC is a toolkit, in the same spirit as Linux is a toolkit. It takes quite some time to learn and understand RSBAC, just like learning Linux takes quite some time. But this time is well invested and will give similar rewards as learning Linux.
![[Main Page]](/upload/4/49/Debian_taiwan_out.png)