Enterprise Gentoo Hardened

With Gentoo there are many directions and options that determine what a system will be and how it will operate. Admittedly there are many users of Gentoo that give it a bad rap. Yet I find it is the best system because it gives me the power to deploy the latest and greatest security features and mitigations. It also gives me a good view of the attack surface and of what lurks in a system's dependencies. On top of that it works well with SELinux, which provides enterprise-level security.

Our main offering is an already deployed and actively maintained shared web server stack. This server has everything needed for most web applications, including PHP, Python, Java, and more. You can bring your own webserver or use ours and enjoy the latest PHP. The system also has older versions of PHP and different Java implementations, which you can use by running your own webserver on your account. I can ensure that it remains under your control: SELinux will stop others from binding its port.

The shared web stack also has a full build environment available, and does not hide the system away. There is a great deal of security-focused compartmentalization with SELinux, but all in all one can navigate my system well. On other providers one has a limited shell, has to make assumptions about the system, and must resort to trial and error to understand the backend. My system is an open system yet still highly secure, and as a developer you can make better design decisions.

You can also get a 'targeted strict server', which is a deployment of the TDO enterprise Gentoo Hardened. On these servers you get your application running and have it perform every action it should in a controlled environment. While you exercise the application in this controlled setting, SELinux runs in permissive mode and logs what would otherwise be denials. These audit logs are then turned into policy. The result is that SELinux stands in the way of all but normal operations.
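As an added example of the step described above (not the provider's own tooling), the following script aggregates AVC denial records collected during a permissive-mode run into TE allow rules, the same kind of output audit2allow from policycoreutils produces. The audit lines are constructed for illustration and the httpd_t / php-fpm scenario is an assumption, not a description of the provider's policy.

```python
"""Turn SELinux AVC denial records from a permissive-mode run into TE allow rules."""
import re
from collections import defaultdict

# Matches the permission set, source/target contexts and object class of one AVC record.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]+?)\s*\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)"
)

def context_type(ctx: str) -> str:
    """Return the type field of a user:role:type[:level] security context."""
    return ctx.split(":")[2]

def collect_denials(lines):
    """Aggregate denied permissions by (source type, target type, object class)."""
    rules = defaultdict(set)
    for line in lines:
        m = AVC_RE.search(line)
        if not m:
            continue  # SYSCALL, CWD, PATH and other non-AVC records are skipped
        key = (context_type(m["scon"]), context_type(m["tcon"]), m["tclass"])
        rules[key].update(m["perms"].split())
    return rules

def render_te(rules) -> str:
    """Render aggregated denials as TE allow rules with stable, sorted output."""
    out = []
    for stype, ttype, tclass in sorted(rules):
        perms = " ".join(sorted(rules[(stype, ttype, tclass)]))
        out.append(f"allow {stype} {ttype}:{tclass} {{ {perms} }};")
    return "\n".join(out)

# Constructed sample records in audit.log format; not taken from a real system.
SAMPLE_AUDIT = [
    'type=AVC msg=audit(1700000000.101:201): avc:  denied  { read } for  pid=2101 comm="php-fpm" name="config.php" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=file permissive=1',
    'type=AVC msg=audit(1700000000.102:202): avc:  denied  { open } for  pid=2101 comm="php-fpm" name="config.php" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=file permissive=1',
    'type=AVC msg=audit(1700000000.103:203): avc:  denied  { name_connect } for  pid=2101 comm="php-fpm" dest=3306 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket permissive=1',
    'type=SYSCALL msg=audit(1700000000.103:203): arch=c000003e syscall=42 success=yes exit=0',
]

if __name__ == "__main__":
    print(render_te(collect_denials(SAMPLE_AUDIT)))
```

The generated rules are a review artefact: each allow line should be checked against what the application legitimately needs before being compiled into a module, since permissive mode also records denials caused by mislabelled files or misconfiguration that should be fixed rather than allowed.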

The targeted strict server can be split between development and deployment systems. The deployed system would be a clone of the development system, taken once it is considered stable, with the Gentoo 'system' packages removed. This means the server one has in production would lack much in the way of administration tools and build environment. Such a setup denies attackers a flexible platform they can predictably manipulate.

All servers have our 'better butter archive' system, which provides temporal, delta-compressed, and write-only backups. It is a very efficient system that allows great power and flexibility as well. It builds on the simplicity and power of Linux and its new 'butter filesystem' or 'better filesystem' to keep reference-linked snapshots in plain filesystem directories. One can compare snapshots for greater auditing and security, or retrieve data from one tiny part of a snapshot.