has anyone here actually used subgraph OS? what was it like? and how did you install it without using a CD-ROM?
the installer seems to just ignora any usb mount. it seems retarded but i wouldn't mind getting info on how this actually works. it seems to be a literal version of "muh 9 proxies" meme. is this the case?
Benjamin Ward
>grsec Probably ignores USB after boot. I don't see why you'd bother with this honeypot bullshit instead of just using hardened-sources from Gentoo like a normal person.
Bentley Diaz
because this has grsec, PaX, RAP, and sandboxes each application. how can gentoo even rival that?
Angel Price
Gee I dunno, by installing fucking hardened-sources. God damn. >grsec, PaX, RAP Literally fucking grsec. hardened-sources = grsec. Fucking normalfags with your dumbass distributions. >dur I install Kali >how you get metasploit on Gentoo? emerge -av metasploit. Wow, that was hard. emerge -av hardened-sources. Wow, that was hard. As in hardened, because now you have hardened sources that you can use.
Brandon Young
>muh normalfags >says PaX and RAP are the same as grsec
this has grsec. why would it have the other two if this were the case?
Ryan Wilson
>this has grsec. why would it have the other two if this were the case? Because it fucking has grsec? You make it sound like Linux has PaX or RAP outside of grsec. I guess that's to be expected from some normalfag who never configured a kernel.
Jaxon Gutierrez
what are you even talking about? you just said: >grsec, PaX, RAP Literally fucking grsec.
and i ask why it's included in subgraph and your reponse is "it has grsec". are you high?
Jason Johnson
I've found the conversation so far amusing.
Robert Reyes
does hardened-sources require a configuration file for each application?
Brandon Brown
>using hardened-sources from Gentoo like a normal person.
kek'd hard
Thomas Baker
How do you install hardened sources?
Leo Torres
I'm not in this argument but let's all agree that grsec, pax, and application sandboxing are good no matter what distro/os you're using
Cameron Morris
hes an idiot, leave it be
Brayden Johnson
this doesn't fix your application sandboxing problem or net traffic torification
I like Subgraph but don't trust Tor itself so it's useless to me
Nolan Perry
emerge -av hardened-sources
RBAC lets you do per-application configuration. I usually don't enable it and just apply sane settings to everything because fuck running insecure applications.
Evan Gutierrez
>application sandboxing """""problem""""" I used to think that it would be better to run shit in separate virtual machines instead of just running it as separate users, but then I saw all the exploits that were popping up for Virtualbox, qemu, kvm, etc. Basically you end up having an application that you sandbox (because you think it's exploitable or whatever) and it gets exploited, then exploits whatever sandboxing bullshit and gets root or kernel privileges. By running everything as a separate user (with chroot) you can get whatever benefits you'd get with sandboxing, and the attacker also has to rely on one less privilege escalation path. As for forcing traffic through Tor, you really need to have some other device, like a Beaglebone Black or other USB Linux device that you can use to present the Tor socks port to the laptop/desktop. It shouldn't be possible for a compromised machine to bypass Tor, and you'll only get that with Tor being served by an external system.
Alexander Cox
Sounds wild to configure this.
Landon Sanders
Install Firejail (on gentoo hardened).
Carter Green
This.
Dominic Sullivan
It's a fucked up Debian.
Colton Hill
that sounds like an interesting approach, I'm going to try this out
Julian Mitchell
why are you guys suggesting a project that isn't active?
Luis Jones
The project is very much active. The NSA employees aren't.
Connor Watson
That contributor isn't active. Hardened Gentoo is active.
I'd suggest going with something like a Beaglebone Black since you can use it as an Ethernet device through USB. Otherwise, if you have a device with a screen you'll be able to authenticate to whatever wireless network you connect to, but you'll basically be taking along 2 laptops at that point. I'm not aware of any good single board computer with Ethernet gadget support and built in wifi (Beaglebone Green sort of had that, but I don't think it's being produced anymore). You also might be able to use a rooted Android phone, but Android is basically garbage.