HLFS is official

Archaic archaic at indy.rr.com
Fri Mar 5 09:08:07 PST 2004


On Wed, Mar 03, 2004 at 07:57:45AM +0100, Jeroen Coumans wrote:
> 
> First of all some project-specific information. I need at least a
> well-written introduction to HLFS which explains the raisons-d'etre,
> where you plan to go, etc. Refer to the various "What is *LFS?" for
> comparison.

First, the people involved:

Project Leader: Archaic
Toolchain Editor: Robert Connolly
Daemon Editor: Ryan Oliver
Networking Editor: Dagmar D' Surreal

Okay, here it is (nicked most of it from (B)LFS pages. ;)

########################################################################
What is HLFS?

Hardened Linux From Scratch (HLFS) is a project that provides you with
the steps necessary to build your own customized and hardened Linux
system. Based on LFS, this project will incorporate parts of BLFS as
well. The main differences between these other projects will be the
amount of text dealing with security configuration issues as well as
patching many of the packages used for improved security.

If you are wondering why you would want an HLFS system, just read any
number of articles dealing with hackers and script kiddies breaking into
systems and destroying them or stealing from them.

If you are wondering why you would want an LFS system or what one is
then you don't want to be here for now - you want to head over to the
LFS introduction page where all will be explained.
########################################################################

> Do you mind creating a somewhat generic mail @website which I can also
> use for a news announcement?

########################################################################
HLFS has just been given full project status by Gerard. In the next week
or two the XML framework will be placed in CVS for checkout and HTML
books will be generated nightly. At this point the book should be
considered alpha material.  However, we need people to download and test
the commands in order to more quickly squash bugs. The HTML book in its
current state will be placed on the website for download as soon as
everything gets sorted, but will be replaced by the nightly version as
soon as the CVS XML is up and running.
########################################################################

> You can CC Craig Colton (Craig Colton <meerkats at bellsouth.net>) for
> requesting a logo, I like the prison Tux!

Okay. Craig, as I told Jeroen, here's some possible ideas. One is Tux
wearing a prison suit behind bars. The other is a massive safe with
either the words "HLFS Inside" or "Linux Inside". Perhaps with Tux's pic on
the safe. I don't have a preference, these are merely suggestions. If
something else hits you, fine. You're the artist, not me. :)

> Mission statement & roadmap will appear here too.

Mission statement attached. Roadmap forthcoming at a later date.

> Second is a download area. You should try to use a directory-structure
> as closely like the other subprojects (eg.
> downloads/{test,cvs,stable}.

That's fine. Do whatever makes your work easier.

> Third you can use a so-called readers area. You can present links to
> present and past HLFS-books, hints, etc. In LFS and BLFS, these links
> point to some general information about stable & CVS releases, and
> these docs refer to the bookmarkable URL for stable/testing/cvs
> viewing.  Again, try to use a similar directory-structure (eg.
> view/{test,cvs,stable}.

I don't see a need for anything different than what BLFS uses other than
replacing blfs with hlfs and dropping the translation version paragraph.

> Good luck!

Thanks!

-- 
Archaic

A ``decay in the social contract'' is detectable; there is a growing
feeling, particularly among middle-income taxpayers, that they are not
getting back, from society and government, their money's worth for taxes
paid. The tendency is for taxpayers to try to take more control of their
finances ..

- IRS Strategic Plan, (May 1984)

-------------- next part --------------
HLFS Mission Statement

Function
    The HLFS team provides the "Hardened LFS" book, which teaches some
    foundational security principles and how to make an LFS/BLFS system
    more secure.

Scope
    The HLFS team addresses:
    - both LFS and BLFS installations, in varying degrees;
    - various environments, configurations and applications;
    - basic security policies and strategies;
    - implementation of those policies and strategies.

Bounds
    The HLFS team will produce a product that:
    - does *not* replace the (B)LFS books;
    - does *not* provide basic education delivered in the (B)LFS books;
    - does *not* supplant commonly available documents, resources or
      education;
    - *may* apply to multiple platforms (with x86 being the focus).

Objectives
    Produce a book that, in reasonable degree:
    - results in a user that is better educated in security issues;
    - delivers a platform less vulnerable to local and network attacks;
    - offers less vulnerability to exploits of OS component weaknesses;
    - remains current as the environment changes;
    - uses the (B)LFS books as a foundation.

Strategy
    User education will be promoted by:
    - providing an overview of common security concerns;
    - presuming a user's security awareness to be minimal;
    - offering a reasonably comprehensive, but concise, discussion of
      alternate security policy issues;
    - limiting discussion to a level suited to users who have already
      successfully installed and are using a (B)LFS platform (i.e.
      "intermediate-to-advanced" users);
    - publicly discussing any and all issues related to security and
      book content;
    - implementing the strategies below.

    A platform less vulnerable to network attacks is addressed by:
    - providing guidance to basic security policy that may be most
      appropriate to given environments, configurations and applications;
    - demonstrating procedures, processes and commands that implement the
      selected policy on a platform produced via the (B)LFS books.

    Exploit-ability of OS components will be reduced by:
    - discussing common weaknesses of OS components;
    - presenting various types of solutions ("hardening");
    - providing commands and supporting text that provide "hardening".

    To keep the book current, the team will:
    - monitor certain security-related resources on the Internet and
      communicate and incorporate pertinent changes;
    - monitor (B)LFS list activity for advance notice of changes;
    - minimize maintenance effort from (B)LFS book activity by carefully
      selecting what to include directly and what to reference;
    - "release" as close as reasonable to a new (B)LFS book release.

    To use the (B)LFS books as a foundation, the team will:
    - incorporate certain parts of those books, when needed for clarity
      and/or educational benefit;
    - avoid unneeded repetition of (B)LFS book contents;
    - make liberal use of references to those books, and other pertinent
      resources, when such references are relevant to the topic at hand
      (but outside the scope of the book) and will enhance its value.

Logistics
    Due to the enormity of the subject matter, workload associated with
    the effort and requirement for timeliness, success can only be
    ensured by distributing the tasks among the members of the HLFS
    community. For this reason, volunteers will be solicited to make a
    commitment to certain areas that will support the strategy detailed
    above. Note that one person may occupy multiple roles and multiple
    people may occupy one role. The important item is that the
    responsibilities are adequately addressed.

    Following are functions that need to be *formally* satisfied:
    - provide assistance to the team in conversion of text to the format
      needed to generate the book;
    - ensure style, wording, readability, presentation consistency,
      and completeness;
    - ensure overall communication with {B,H,}LFS occurs as appropriate;
    - ensure various security-related resources are effectively
      monitored for valuable input;
    - ensure we have topic experts with subject area responsibility,
      who generate and maintain text and commands that are specific to
      a certain topic within the scope of the book, stay aware of (B)LFS
      book and environmental changes that affect that area, communicate
      appropriately with HLFS and (B)LFS team members;
    - pre-release verification; verify that processes detailed in the
      book provide the expected results and confirm that the resulting
      platform operates correctly.

Policies
    The HLFS book will not specify replacement of (B)LFS book-specified
    components *unless* there is no reasonable alternative to accomplish
    a *needed* goal.

    The team will not sacrifice completeness, robustness or accuracy for
    the sake of timeliness.

