has anyone here actually used subgraph OS? what was it like? and how did you install it without using a CD-ROM?
the installer seems to just ignora any usb mount. it seems retarded but i wouldn't mind getting info on how this actually works. it seems to be a literal version of "muh 9 proxies" meme. is this the case?
>grsec
Probably ignores USB after boot. I don't see why you'd bother with this honeypot bullshit instead of just using hardened-sources from Gentoo like a normal person.
because this has grsec, PaX, RAP, and sandboxes each application. how can gentoo even rival that?
Gee I dunno, by installing fucking hardened-sources. God damn.
>grsec, PaX, RAP
Literally fucking grsec. hardened-sources = grsec. Fucking normalfags with your dumbass distributions.
>dur I install Kali
>how you get metasploit on Gentoo?
emerge -av metasploit. Wow, that was hard.
emerge -av hardened-sources. Wow, that was hard. As in hardened, because now you have hardened sources that you can use.
>muh normalfags
>says PaX and RAP are the same as grsec
this has grsec. why would it have the other two if this were the case?
>this has grsec. why would it have the other two if this were the case?
Because it fucking has grsec? You make it sound like Linux has PaX or RAP outside of grsec. I guess that's to be expected from some normalfag who never configured a kernel.
what are you even talking about? you just said:
>grsec, PaX, RAP
Literally fucking grsec.
and i ask why it's included in subgraph and your reponse is "it has grsec". are you high?
I've found the conversation so far amusing.
does hardened-sources require a configuration file for each application?
>using hardened-sources from Gentoo like a normal person.
kek'd hard
How do you install hardened sources?
I'm not in this argument but let's all agree that grsec, pax, and application sandboxing are good no matter what distro/os you're using
hes an idiot, leave it be
this doesn't fix your application sandboxing problem or net traffic torification
I like Subgraph but don't trust Tor itself so it's useless to me
emerge -av hardened-sources
RBAC lets you do per-application configuration. I usually don't enable it and just apply sane settings to everything because fuck running insecure applications.
>application sandboxing """""problem"""""
I used to think that it would be better to run shit in separate virtual machines instead of just running it as separate users, but then I saw all the exploits that were popping up for Virtualbox, qemu, kvm, etc. Basically you end up having an application that you sandbox (because you think it's exploitable or whatever) and it gets exploited, then exploits whatever sandboxing bullshit and gets root or kernel privileges. By running everything as a separate user (with chroot) you can get whatever benefits you'd get with sandboxing, and the attacker also has to rely on one less privilege escalation path. As for forcing traffic through Tor, you really need to have some other device, like a Beaglebone Black or other USB Linux device that you can use to present the Tor socks port to the laptop/desktop. It shouldn't be possible for a compromised machine to bypass Tor, and you'll only get that with Tor being served by an external system.
Sounds wild to configure this.
Install Firejail (on gentoo hardened).
This.
It's a fucked up Debian.
that sounds like an interesting approach, I'm going to try this out
why are you guys suggesting a project that isn't active?
The project is very much active. The NSA employees aren't.
That contributor isn't active. Hardened Gentoo is active.
I'd suggest going with something like a Beaglebone Black since you can use it as an Ethernet device through USB. Otherwise, if you have a device with a screen you'll be able to authenticate to whatever wireless network you connect to, but you'll basically be taking along 2 laptops at that point. I'm not aware of any good single board computer with Ethernet gadget support and built in wifi (Beaglebone Green sort of had that, but I don't think it's being produced anymore). You also might be able to use a rooted Android phone, but Android is basically garbage.
gotcha