Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Openwall Linux 3.0: no SUIDs, anti log spoofing

solardiz (817136) writes | more than 3 years ago

Security 2

solardiz (817136) writes "Openwall GNU/*/Linux (or Owl for short) version 3.0 is out, marking 10 years of the project. Owl is a small security-enhanced Linux distro for servers, appliances, and virtual appliances. Two curious properties of Owl 3.0: no SUID programs in default install (yet the system is usable, including password changing) and logging of who sends messages to syslog (thus, a user can't have a log message appear to come, say, from the kernel or sshd). No other distro has these. Other highlights of Owl 3.0: single live+install+source CD, i686 or x86_64, integrated OpenVZ (host and/or guest), "make iso" & "make vztemplate" in included build environment, ext4 by default, xz in tar/rpm/less, "anti-Debian" key blacklisting in OpenSSH. A full install is under 400 MB, and it can rebuild itself from source."
Link to Original Source

cancel ×

2 comments

Sorry! There are no comments related to the filter you selected.

Does it have recent problem with ipsec? (0)

Anonymous Coward | more than 3 years ago | (#34585016)

Does it have recent problem with ipsec?

Re:Does it have recent problem with ipsec? (1)

solardiz (817136) | more than 3 years ago | (#34585052)

No, it does not. (That's not to mention that the problem "in OpenBSD" is probably a hoax.)

In context of another discussion, we've reviewed our Linux kernel source tree for relevant code from OpenBSD - there's none. Additionally, we don't include userland software for IPsec support - so it is not supported on Owl out of the box. Instead, OpenVPN may be easily installed and works great on Owl, and we might add it to the base system for the next Owl release. I am sending this comment via an OpenVPN tunnel between two Owl boxes.

Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>