CLIP OS - A Hardened Linux Distro

I think this topic is important enough that it deserves its own thread.
A bit of background info:

  • Yves-Alexis Perez is one of Debian’s major sec engineers.
  • ANSSI is the French COMSEC department so not a spook outfit.
  • CLIP OS is their hardened distro work where it may be beneficial to use or cherry pick as much stuff as possible.

They make use of this most active hardened linux fork: GitHub - anthraxx/linux-hardened: Minimal supplement to upstream Kernel Self Protection Project changes. Features already provided by SELinux + Yama and archs other than multiarch arm64 / x86_64 aren't in scope. Only tags have stable history. Shared IRC channel with KSPP: #linux-hardening

They are working on upstreaming of patchsets like stackleak and lockdown and are using LSMs like Landlock. Until then the work is integrated into their fork of the kernel among other enhancements not mentioned here.

The CLIP OS project is an open source project maintained by the National Cybersecurity Agency of France (ANSSI)

Good luck and enjoy!

The people behind it are Debian devs…

The fact that this is their day job doesn’t change this fact. Also they provide the source code for people to compile rather than binaries.

Let's see what will happen when they reach stable phase.

They are stable and have had multiple releases and are actively developed, that’s what makes this project worth looking into.

Really? I read they are in alpha stage.