Hardened Kernel Config File for Virtual Machines (VMs) ("cloud kernel")

[adrelanos]

A kernel config specialized for better security inside virtual machines is in development.

The development preview version can be found here:
https://github.com/Whonix/hardened-kernel/blob/master/usr/share/hardened-vm-kernel/kernel-config

This work is being done by @madaidan who also contributed pull requests here.

https://github.com/anthraxx/linux-hardened/pulls?utf8=%E2%9C%93&q=author%3Amadaidan

Discussions about the kernel config happen mostly in Whonix forums.

https://forums.whonix.org/t/kernel-recompilation-for-better-hardening/7598/214

The hardened kernel config was contributed by @madaidan to the @Whonix project but as the maintainer of Whonix I think that it is not the most suitable project to maintain a kernel config. It would be more impactful and would get more eyes on it if it was hosted here.

Therefore I am wondering if there is any chance you would accept a pull request for a hardened VM config file? Which folder would be suitable for such a config file?

@madaidan might also be working on a hardened bare metal (i.e. non-VM) kernel config later on but one step a at a time.

[Bernhard40]

This project provides only kernel sources, not specific configs or packaging which is up to downstream to choose and set.

[adrelanos]

Do you know any more suitable project?

[Bernhard40]

There is https://github.com/a13xp0p0v/kconfig-hardened-check

They host various configs so you can try asking about adding yours there.

[adrelanos]

There is https://github.com/a13xp0p0v/kconfig-hardened-check

Created a13xp0p0v/kernel-hardening-checker#25 for it.

[anthraxx]

Thanks for your suggestions. I share the opinion that we should not start collecting additional config sets in this source tree. kconfig-hardened-check is a quite good place for this, closing therefor.