Hardened Linux
About
Hardened Linux was a hardened and minimalized distribution developed by the Open Source Community. A huge part of the distribution is based on Slackware (tm) Linux. The project was created and led by me from 2006 to 2008. The project ended on June 26, 2008.
Some Features
HL is based on Slackware-Linux and designed to run on firewalls, IDS systems, VPN gateways, and the like.
Other features: grsecurity hardened kernel, userspace hardening, hardened (and SSP) packages, hardened file system permissions, hardened configuration files for services.
The system was designed to be very tiny (only a 200 MB ISO file) and easy to understand. A custom package system (the Hardened Linux package tools) was built as an improvement on the existing Slackware package system.
The Hardened Linux Hardening Scripts (HLHS)
As a part of the Hardened Linux project these scripts make it easy to secure your Linux installation.
There is currently only a development snapshot version available that still lacks lots of features (I don't have enough time at the moment to finish it).
You can find it here.
The Hardened Linux cpfos Package System
Why another package system?
This is THE question! The answer is as follows: The Hardened Linux security distribution project I started in Sept-2006 was originally a 100% Slackwar*-Linux based distribution, which means that we also used their package system (installpkg, upgradepkg and so on). I really like the Slackwar* package system but ...
After taking a deeper look into the shell script code of this package system I found various features that Hardened Linux would never need, and I also missed some features we really needed.
One of the primary reasons was the missing package creation tool (there was only makepkg, which created a .tgz file and made some checks). The next big problem with the Slackwar* package system was the implementation of so-called SlackBuild scripts. All these scripts implement lots of lines of code redundantly (for example, every (or better: most) of these scripts do some cleanup, create some temporary directories and so on); this was bad. Imagine that you want to change something within these scripts!
What is it?
The Hardened Linux pkgtools contain different tools to create, install, remove and upgrade packages. They support dependencies (but without version numbers) and are VERY tiny.
Differences to the Slackware package system
- It does not only support packages. It also supports ports (auto download of archive files and md5sum checking is implemented).
- Yes, it's a port system on Linux, but we ship compiled ports (=packages) on the default install.
- The SlackBuild script system is now replaced by build scripts that ALWAYS exit on errors (I found lots of errors in SlackBuild scripts because of this!)
- Packages are created by the cpkg tool. It automatically creates a working environment for the package build, executes the build script, checks for lots of quality problems (bad permissions and such things) and creates a gzip compressed tar archive of the package.
- Two different package installation script types are supported (Slackwar* only has a doinst.sh): pre and postinstallation scripts. The slackwa*e doinst.sh is also supported for backward compatibility. Yes, you can install slackware packages with the hlpkgtools.
- All packages can be built like ports in *BSD and can also be used as normal binary packages (default).
- All packages have to contain a pkginf file that is used by all tools (including the package creation tool). This file includes different information and replaces the slack-desc file (which only included a package description). Information included in this file is currently:
  - package name
  - package version
  - build number
  - archive file name
  - archive file download urls (optional)
  - md5sum of an archive
  - default install flag
  - package description
  - dependencies ("none" if they only depend on packages of the HL minimal core install)
  - maintainer information
  - optional: todo information
  - changelog
- Auto-download of needed archive files for packages, with md5sum comparison
- After package installation (and after pre+post installation scripts ran fine) the installer tool checks for new versions of config files and lets you choose if you want to use the new config file, if you want to keep the old one or if you first want to see the differences of both files.
- The Hardened Linux pkgtools contain fewer lines of code
- hlpackages include 'upkg', which updates packages via the internet (currently needs an SVN repository). Since we use SVN over HTTPS, this is a secure update system.
- A tool to search packages and to display package information is on the way.
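The kind of permission check described for cpkg above can be sketched as a scan of the staged package tree before it is archived. This is an added example, not code from the Hardened Linux package tools; the function names audit_pkg_tree and build_sample_tree and the sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: permission audit of a staged package tree before archiving.
# audit_pkg_tree and build_sample_tree are hypothetical names, not hlpkgtools code.

# Print one "<class> <path>" line per finding.
# Returns 0 if the tree is clean, 1 on findings, 2 if the argument is not a directory.
audit_pkg_tree() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    findings=$(
        {
            # World-writable files: any local user could replace their content.
            find "$root" -type f -perm -0002 | sed 's/^/world-writable-file /'
            # World-writable directories are only tolerable with the sticky bit (like /tmp).
            find "$root" -type d -perm -0002 ! -perm -1000 | sed 's/^/world-writable-dir /'
            # setuid/setgid files must be a deliberate decision, so always report them.
            find "$root" -type f \( -perm -4000 -o -perm -2000 \) | sed 's/^/setid-file /'
        } | sort
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample: a small staging tree with three deliberate problems.
build_sample_tree() {
    t=$(mktemp -d) || return 1
    ( umask 022
      mkdir -p "$t/usr/bin" "$t/etc" "$t/var/spool" "$t/tmp"
      : > "$t/usr/bin/tool";   chmod 0755 "$t/usr/bin/tool"    # fine
      : > "$t/usr/bin/helper"; chmod 4755 "$t/usr/bin/helper"  # setuid
      : > "$t/etc/app.conf";   chmod 0666 "$t/etc/app.conf"    # world-writable file
      chmod 0777 "$t/var/spool"                                # world-writable dir, no sticky bit
      chmod 1777 "$t/tmp"                                      # sticky, accepted
    ) || return 1
    echo "$t"
}

# Run the audit on the sample when called as: sh audit.sh --demo
if [ "${1:-}" = "--demo" ]; then
    tree=$(build_sample_tree)
    audit_pkg_tree "$tree" || echo "package rejected"
    rm -rf "$tree"
fi
```

A package build would call audit_pkg_tree on its staging directory and refuse to create the archive on a non-zero return.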
Included Tools
- cpkg: package creation tool (uses the ports to build packages)
- ipkg: installs packages
- rpkg: removes an installed package
- upkg: for online package updates (will rewrite it since I have some ideas for improvements)
- spkg: searches packages (not there at the moment)
How to get cpfos?
You can always get the current version of the HL pkgtools on our subversion repository: click here.
Documentation
I wrote lots of comments in the scripts to make it easy to understand the functionality. I will release full documentation with the first fully functional version of the HL package tools (which means that it will be available with the 1.7.0-snapshot or 1.8.0-snapshot release of the Hardened Linux distribution).



