My name is Matthew Ruffell, and I'm a computer scientist living in Christchurch, New Zealand with a particular interest in Linux and computer security. I'm still at University, beginning my PhD mid 2016. This blog post represents a huge milestone for me - releasing my own Linux distribution, and starting my first business. Today, I want to tell you all about a little project I have been working on for the past eight months, Dapper Linux.
I have been using Linux full time as my primary operating system for about five years now, with four of those years on Fedora. Recently, when I was installing the new Fedora 24 release, I thought to myself, "I should probably learn how to harden my system at some point". I knew there were options out there that I could pursue, but they all looked very laboursome and difficult. At the same time, since I clean install every six months for the new releases, I was also getting fed up reinstalling all of my applications and resetting my configs. It was shortly after that I decided to make my own distro, something that was relatively secure out of the box that also contained all the applications and configs I use.
I thought to myself, "I should probably learn how to harden my system at some point"
So in early September 2016, I read up on the Fedora wiki about creating whats known as a "Remix", and started up a Github repo of my kickstart files, and slowly started creating Dapper Linux. It was excellent fun at first, I learnt how Anaconda uses kickstart files to produce installation media, and how I could include any package I wished by simply editing the kickstart files. I eventually realised that I had to ship my own branding and repository configuration to abide by Fedora's trademark regulations, so I had to learn how to become a packager, and quickly became proficient at writing RPM spec files and building and maintaining a COPR repository of Dapper Linux packages.
When it came to hardening, I had discovered an interesting project called Grsecurity, by Open Source Security Inc. The benefits sound almost too good to be true, with mitigating and eliminating entire classes of exploits, and protecting against zero days. Reading the documentation and presentations on their website, it quickly became apparent that this is the real deal, and is exactly what I was after. However, to land Grsecurity in Dapper Linux, it meant that I would have to build and ship custom patched kernels. At this stage I had never built a kernel before, so it became quite the learning process on how to acquire the latest source, applying patches, configuring options and building the actual kernel.
It wasn't long until I stumbled across another group called Subgraph who were trying to achieve the same goal, and they had some incredible software called Oz and fw-daemon. Oz is a groundbreaking sandboxing system, and fw-daemon is a neat little firewall tool that alerts you to network packets coming and going. When I saw them, I knew I had to land them in Dapper Linux. This involved working out how to build go packages, and tested my packaging skills.
And with that, Dapper Linux became feature complete. This has been one huge learning experience for me, and has surely taken my Linux skills to a whole other level.
This has been one huge learning experience for me, and has surely taken my Linux skills to a whole other level.
Dapper Linux is a hardened Linux distribution, which takes advanced security features meant to be used by advanced Linux users and makes them available to normal everyday users in a "just works" out of the box fashion.
The features you will find in Dapper Linux are:
- A Grsecurity / PaX / RAP patched Linux Kernel
- Graphical apps completely sandboxed with Oz
- Dual web browsers, with one set up for hardened browsing
- An active firewall which alerts you to connections
- A large set of applications configured to support the secure kernel and sandboxing
- Full hard disk encryption
- DNSSEC by default and working out of the box
- A tasteful dark theme
- A simple, straightforward installer
Like what you see? How about giving it a try. Or perhaps you want to read more about its features first.
Whatever the matter, I hope you like what you see, and become a user. Send me some feedback if you like Dapper Linux!