Hardened Debian improves Debian GNU/Linux with high-security and hardening features, hardened kernels and packages, DHKP, and other security-related enhancements. It makes systems more difficult to compromise using common attacks such as race conditions, chroot jail escapes, and buffer overflows.
| Tags | Security Cryptography Software Development Libraries Logging Monitoring Networking Firewalls Hardware Watchdog Operating System Kernels Linux Shells Systems Administration |
|---|---|
| Operating Systems | POSIX Linux |
| Implementation | Python C |

Recent releases

Release Notes: This is a port of the latest released 2.4 patch of the NSA's SELinux project to Linux 2.4.28. Since it's not a backport of the 2.6 code, but rather a port of the last 2.4.26 backport of the 2.6 code, many things are deprecated, outdated, and probably obsolete.


Release Notes: The 2.6.7-hardened packages are available for Debian Sarge, and hopefully stable for production environments. The changes are many, mainly SELinux PaX hooks, an enhanced IPSec stack (using Openswan), grSecurity 2.0.1, a kernel boot command line to select SEGMEXEC/PAGEEXEC, /proc/pax_status support, fixes for binfmt_elf loader vulnerabilities and for all the CAN issues published before this date, Fortuna CSRNG, a netdev-random patch, and the TCP Stealth patch.


Release Notes: The 2.4.28-pre-3-hardened kernel improves several new features coming from the DHKP, which integrates Owl's kernel patch, the Vanheusden patch, enhancements for the entropy pool (use of network card interrupts for gathering entropy and increased pool sizes), and the introduction of the Fortuna patch. This provides memory page execution prevention, restricted FIFOs in /tmp, linking restrictions for /tmp, better entropy sources, restricted /proc, RLIMIT_NPROC enforcement on execve(), and destruction of shared memory segments not in use.