
Distribution Development Security

Distribution Development Security. Jeremiah Yongue. Linux Distribution. A Unix-like operating system built on top of the Linux kernel which includes various collections of software packages. Well known examples include Ubuntu, Fedora, and Red Hat.


Presentation Transcript


  1. Distribution Development Security
  Jeremiah Yongue

  2. Linux Distribution
  • A Unix-like operating system built on top of the Linux kernel which includes various collections of software packages.
  • Well known examples include Ubuntu, Fedora, and Red Hat.
  • Solaris is not Linux, it is Unix, according to the Single Unix Specification.

  3. Development Process
  • Software updates come from upstream.
  • Software is patched or forked according to distribution-specific standards.
  • Software is packaged.
  • Software is distributed to users.
  The key issue with this process is ensuring that the software is “safe” at every step of the process.

  4. Fuduntu
  • “Fuduntu is a light hearted and fun Linux distribution that earns its name by its design to fit somewhere in-between Fedora and Ubuntu.”
  • Founding member.
  • Quick Stats:
    • 9000+ users
    • 10600+ software packages
    • #25 on Distrowatch.com’s popularity metrics for the past 12 months.

  5. Security at Fuduntu
  • Build-Hosts
    • Dedicated servers for building software packages.
    • Access restricted by SSH public keys.
    • Root access/login disabled.
    • “Lives” behind a firewall.
    • Can’t modify system without sudo rights.
    • Access to repository rsync restricted by separate account and password.

  6. Security Continued
  • GPG package signing
    • GNU Privacy Guard (GnuPG or GPG) is a GPL-licensed alternative to the PGP suite of cryptographic software. GnuPG is compliant with RFC 4880, which is the current IETF standards-track specification of OpenPGP.
    • Package is signed with a private key at build time.
    • Package manager downloads public key to check against packages.
    • YUM, our package manager, will NOT install unsigned packages or packages that fail the key check.

  7. Sources
  • http://www.Fuduntu.org/
  • http://www.gnupg.org/
  • http://www.openssh.com/
  • http://www.unix.org/online.html
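The refusal described on slide 6 (YUM rejecting unsigned packages or packages that fail the key check) only applies to repositories whose definition enables signature checking, so the client side is worth auditing. The script below is an added example, not Fuduntu's own tooling: it walks every `[repoid]` stanza in a yum `.repo` file and reports any stanza without `gpgcheck=1` and a `gpgkey=` source. The sample repository file, its URLs and the key path are constructed for the demonstration.

```shell
#!/bin/sh
# Added audit helper (not Fuduntu's own tooling): YUM only refuses unsigned or
# badly signed packages for repositories that set gpgcheck=1, so this checks
# every [repo] stanza in a .repo file for gpgcheck=1 plus a gpgkey= source.
# Prints "<repoid> OK" or "<repoid> WEAK: <reason>"; exits 1 if any repo is weak.
# Only the literal value "1" counts as enabled; other spellings are flagged for review.
audit_repo_file() {
  awk '
    function flush() {
      if (id == "") return
      if (gpgcheck != "1")   { print id " WEAK: gpgcheck=" (gpgcheck == "" ? "unset" : gpgcheck); bad++ }
      else if (gpgkey == "") { print id " WEAK: no gpgkey"; bad++ }
      else                   { print id " OK" }
    }
    /^[ \t]*\[.*\][ \t]*$/ {            # new [repoid] stanza: report the previous one
      flush()
      id = $0; sub(/^[ \t]*\[/, "", id); sub(/\][ \t]*$/, "", id)
      gpgcheck = ""; gpgkey = ""
      next
    }
    /^[ \t]*[#;]/ { next }              # comment line
    /^[ \t]*gpgcheck[ \t]*=/ { v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]*$/, "", v); gpgcheck = v }
    /^[ \t]*gpgkey[ \t]*=/   { v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]*$/, "", v); gpgkey = v }
    END { flush(); exit (bad > 0) }
  ' "$1"
}

# Constructed sample .repo file (not a real Fuduntu repository definition).
write_sample_repo() {
  cat > "$1" <<'EOF'
[fuduntu-example]
baseurl=http://repo.example.invalid/fuduntu/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-example

[third-party-unsigned]
baseurl=http://mirror.example.invalid/extras/
gpgcheck=0

[missing-key]
baseurl=http://mirror.example.invalid/other/
gpgcheck=1
EOF
}

SAMPLE=$(mktemp)
write_sample_repo "$SAMPLE"
audit_repo_file "$SAMPLE" || echo "one or more repositories would accept unsigned packages"
rm -f "$SAMPLE"
```

Run it against the files in `/etc/yum.repos.d/` on a client to confirm that every enabled repository actually gets the key check the slide relies on.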
