Updating gentoo profile
Introduction In this tutorial, we’ll talk about how to harden a Linux system to make it more secure.
We’ll specifically use Gentoo Linux, but the concepts should be fairly similar in other distributions as well.
Access control systems include the following: Each of the systems mentioned above can be used to make the exploitation of your system harder for an attacker.
Let’s say you’re running a vulnerable application that’s listening on some predefined port that an attacker can connect to from anywhere; we can imagine a FTP server.
So imagine that you’re being prompted by each item on this procedure in order without any limitations on your ability to do whatever you want in the ordinary Linux way. To use Gentoo, you really have to know what you’re doing.
Fortunately, since that’s a requirement by design, there is a lot of excellent help out there.
There is a lot of useful information around the internet which helped me on the way.
If we look at the hardened Gentoo project web page located at , we can see a couple of projects that can be used to enhance the security of the Linux operation system; they are listed below.
If you have used a server profile so far, you should migrate to its parent, i.e.
from "default/linux/amd64/10.0/server" to "default/linux/amd64/13.0". This may change the default value of some use-flags (the setting in "server" was USE="-perl -python snmp truetype xml"), so you may want to check the setting of these flags after switching profile, but otherwise nothing happens.
When I was installing Gentoo the first few times, I had the feeling that the procedure could be wrapped up in a script. If the procedure is simplified and automated, then you will inevitability suffer a limitation of possibilities.
Gentoo tries hard to avoid the least common denominator effect by making you do everything explicitly.