solidcore/coreos-kernel-hardened

Description

The original maintainer stopped HardHatOS, like it still works, there's no problem. But if one day it fails, he won't do anything, so I'm trying here to just keeping alive the project, because I like the kernel-hardened package.

That's said, I won't add anything (of features or any stuff) unless I specifically want to. Every other information is on the original project or on my github.

Special thanks to noatsecure who created the project and helped me for all this stuff.

Installation Instructions

You can also check my post-installation script for fedora on github.

sudo dnf copr enable samsepi0l/HardHatOS

sudo dnf install kernel-hardened

sudo shutdown -r

Active Releases

The following unofficial repositories are provided as-is by owner of this project. Contact the owner directly for bugs or issues (IE: not bugzilla).

* Total number of packages downloaded in the last seven days.

External Repository List

The following repositories are accessible during builds


This is a companion discussion topic for the original entry at https://copr.fedorainfracloud.org/coprs/solidcore/coreos-kernel-hardened

How can we contact you? I dont see any information on how to discuss the project in the COPR or the Github repo.

There are some possible issues with the hardening, for example that Flatpak doesnt work (Arch Wiki entry)

I am also very interested in the project, and it should become a core fedora project to use the hardened kernel, malloc and settings

The repo is part of a much larger project that I’ve started working on - as you can probably guess by the Github repos against my Github profile.

Current focus is on further developing the solidcore-scripts.

Part of this process involves getting the hardened kernel working on Silverblue with SecureBoot.

If Flatpak fails then kernel harening may be better done through sysctl settings, boot parameters, blacklisting modules, etc.

Feel free to email me. solidc0re [at] tuta [dot] io

1 Like

I think Flatpaks shouldnt be a problem after doing the small fix.

Would you mind creating a Github project that multiple people can join? I guess there is interest in that

I’m working on a very similar, though immutable, project here: GitHub - secureblue/secureblue: Images for GNOME and KDE with some hardening applied

I’m hoping we can collaborate on this and I figure the folks in this thread may be interested, hence the thread bump.

We already have flatpak working with user namespaces disabled, hardened_malloc installed globally, and many other changes you can find in the readme :slight_smile:

1 Like