Gentoo Admin for Individual

slim2k · n00b Joined: 22 Dec 2017 Posts: 20

Hi .. I would like to hire a ultra-paranoid personal Gentoo Security Admin Tutor ..

I'm setting up a laptop making it as secure as I possible can and learning in the process. This is a http://puri.sm laptop with coreboot with me-cleaner already applied. If someone has some experience and a passion in the following I would love to hire you. I need help over voice or video conference (save a few keystokes my hands get tired after typing 1/2 a lifetime)..

Things I have in mind:

- Gentoo TTY console (feature setup and glitches)
- Encrypted Luks partition booting (including /boot)
- Docker and other visualization solutions
- Coreboot payload environment
- Hardened Linux Kernel environment
- Sand-boxing
- SELinux

Future considerations:
- Secure firmware on SD drives
- USB configuration to protect against BadUSB

Please be willing to accept crypto, that is a huge plus. If you already have a decent reputation on this forum I'll send payments first. I'm in the Central Timezone ..

The over-all vision: I need to build a core system as minimal as possible and organize and virtualize / sandbox applications in secure environments (how all computers should be built). Anything we create is 100% open source..

Ant P. · Watchman Joined: 18 Apr 2009 Posts: 6920

Everything you need to achieve those things is on https://wiki.gentoo.org. Show us you're willing to learn and not be a help vampire. A Gentoo user that can't build or maintain their own system will get owned sooner or later.

slim2k · n00b Joined: 22 Dec 2017 Posts: 20

Ant P. · Watchman Joined: 18 Apr 2009 Posts: 6920

You're not willing to pay; you're offering something of questionable legitimacy currently in the middle of a bubble crash in return for someone reading wiki pages aloud to you because you're too lazy to do so yourself. Nobody here wants to create another walking liability.

If you really want help, rephrase your query.

slim2k · n00b Joined: 22 Dec 2017 Posts: 20

Ant P. · Watchman Joined: 18 Apr 2009 Posts: 6920

Distro security is a process, not a vending machine. Bugs in the basic installation docs? Show us them and explain why you think they're bugs.

Spargeltarzan · Guru Joined: 23 Jul 2017 Posts: 317

I ask myself why it shouldn't be legitimate to ask for voice over ip support with payment? Of course, we are a community, supporting each other on a volunteer basis. However, if someone wants to learn faster, achieve a certain system within a clear timeframe or simply wants some starting help, why not?

The author even proposed to pay first.

I am currently in the same position that I want migrate my system to a fully secured, hardened, selinux box with virtualization for even stronger mechanisms (see Qubes OS). Due to the crsecurity stop and all the recent news with PIE in profile 17, I even don't know the first step to do although I have read the whole wiki and the last 4-5 pages in this forum section. Currently, it is even unclear if the documentation is still valid, I think it is mostly outdated. I even don't know which kernel we could use or how to secure the gentoo-sources what was a recommendation in the news item of the crsecurity stop. (you see my thread some lines under this one)

Therefore I understand someone who wants to pay 1-2 hours for a voice call, understanding the mechanisms, probably to maintain his box alone after it. Is it wrong, that one earns money for 1-2 hours voice call support?
_________________
___________________
Regards

Spargeltarzan

Notebook: Lenovo YOGA 900-13ISK: Gentoo stable amd64, GNOME systemd, KVM/QEMU
Desktop-PC: Intel Core i7-4770K, 8GB Ram, AMD Radeon R9 280X, ZFS Storage, GNOME openrc, Dantrell, Xen

NeddySeagoon · Posted: Fri Dec 22, 2017 11:26 pm Post subject:

slim2k,

You are putting the cart before the horse. Why are you considering those options?

You need to do your threat analysis first then put in place measures to mitigate those threats.
There is no absolute in security and security is like the layers of an onion. The harder you make it for attackers, the more intrusive the security becomes in your use of the system.

Before you even pick a stage3 tarball, do your threat analysis and decide what you need to defend against.
At the same time, decide how much day to day inconvenience you will accept in the use of the system.

Security is not a fire and forget thing. It has to be maintained.
_________________
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.

Spargeltarzan · Guru Joined: 23 Jul 2017 Posts: 317

@ NeddySeagoon: don't forget some users might not be aware of the kind of attacks they could suffer from. They will mostly say "fulls secured", probably like I do, because I don't know what all could happen to me in the Linux world
_________________
___________________
Regards

Spargeltarzan

Notebook: Lenovo YOGA 900-13ISK: Gentoo stable amd64, GNOME systemd, KVM/QEMU
Desktop-PC: Intel Core i7-4770K, 8GB Ram, AMD Radeon R9 280X, ZFS Storage, GNOME openrc, Dantrell, Xen

Hu · Moderator Joined: 06 Mar 2007 Posts: 21593

Spargeltarzan: there is nothing wrong with offering to pay for support. However, we somewhat frequently see users who neither understand their Gentoo system, nor wish to understand it, but only want some immediate problem solved. Most don't offer to pay for the fix, but even for those who do, it's questionable whether that's a good use of their money or the respondent's time. I see it as a service to the poster to warn that buying one fix today is a stopgap, not a full solution. If the poster truly wants to pay for support, possibly on a recurring basis until he/she masters self-supporting the system, he/she is welcome to do so.

slim2k: how do you propose to determine reputation? Some users have very high post counts, but little or no expertise in the areas you need serviced. In the time it will take you to evaluate a respondent's reputation, you could probably do quite a bit of real work.

Spargeltarzan · Guru Joined: 23 Jul 2017 Posts: 317

Agree

For me I enter with hardened and selinux a new world, after I entered a new world with Gentoo started at July

I used Linux before, but I used the "out of the box security solution" what was distributed.

When I think about Neddys approach of course I understand, for example, someone who uses VPN wants to protect packages over the network and should be aware of this first. For deeper investigations on the local system, kernel Pax, PIE, etc. even my studies of the informatics and my profession as an information security specialist some years ago doesn't help me to fully describe, judge and answer all possible security threats - it is a new world

I learned much since July and will not stop it
_________________
___________________
Regards

Spargeltarzan

Notebook: Lenovo YOGA 900-13ISK: Gentoo stable amd64, GNOME systemd, KVM/QEMU
Desktop-PC: Intel Core i7-4770K, 8GB Ram, AMD Radeon R9 280X, ZFS Storage, GNOME openrc, Dantrell, Xen

slim2k · n00b Joined: 22 Dec 2017 Posts: 20

NeddySeagoon · Posted: Sat Dec 23, 2017 10:10 am Post subject:

slim2k,

You need to start by describing the perceived threats.
e.g. Leaving your laptop on a train. You might want to use LUKS to delay unauthorised users getting to your personal data.
There are other ways too.

On the other hand, for a system in a data centre that is physically secure, HDD encryption is not going to contribute anything to your security.

Don't even think about defending against governments. They will send the boys round to beat your secrets out of you.
Its much more cost effective than attacking your system.

Start off by defining your threats, then design your defences.
_________________
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.

Spargeltarzan · Guru Joined: 23 Jul 2017 Posts: 317

slim2k · n00b Joined: 22 Dec 2017 Posts: 20