Targeted Strict Server

This is my premier offering and what TDO is really about. Our 'Targeted Strict Server' (TSS) is a server targeted to your needs with advanced security features. To create these solutions we use Gentoo Hardened and SELinux to make a server that only does what you need. What you are doing with Debian or CentOS can generally always be done with Gentoo Hardened. The difference is that once the Gentoo build is completed, a clear picture of the attack surface comes into view, and with that we can support everything you need without also supporting everything an attacker needs.

For the average PHP website this job is pretty simple, but it can get complicated. The build is highly customizable, but one should generally be after a server with an nginx core. If you are used to Apache this might seem uncommon to you. We can convert most Apache mod_rewrite rules into nginx rules for the transition. If you are not using PHP this offer should interest you, as we only include support for what your site actually uses. Even then, nginx generally always has a role, as a reverse proxy at the very least.

If you are a Flask, Django or even Rails developer looking for a solid and managed backend, you have found the right person. I can provide everything your project needs and nothing more. We can also optimise and work with you to ensure the SELinux policy is tight. This can involve writing a SELinux policy for your webapp, or even just lazy audit2allow calls to build a proto-policy of sorts that lets your site run.

Another benefit of this service comes when you're doing NoSQL. We can give you a TSS without MySQL, for instance. There are many choices ahead of a TSS customer. In most cases your code itself should answer all my questions whilst I set up your backend. In some cases I will need to be in contact with you.

As far as prices go, we are very reasonable, and it all depends on how complex your needs are. For a basic Flask or PHP site you are looking at $150 upfront for installation. General updates are included free, while migrations to new versions of major features such as Python or PHP can carry expenses as well.

The end result is a Gentoo Hardened backend server which is self-contained, runs SELinux in strict mode, and all features are unit tested and audited into a working SELinux policy. One gets a server which only really does what it says, and is completely free of bloat.


The main feature behind the security of a targeted strict server comes from SELinux. We use Gentoo Hardened strict SELinux on a targeted strict server. Actions performed by the application software, as in your application, must be audited against the system's many restrictions. It is here that the targeting is essential. There is some grindwork here: running the application in every intended way. Essentially, auditing is a bit like unit testing, and the result is an application-specific allow policy.
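To illustrate the audit step, the following added example (not TDO's own tooling, and a simplification of what audit2allow does) merges AVC denials recorded while exercising an application into candidate allow rules and lists target types that fall outside what the application is expected to touch. The log lines, the `webapp_t` and `webapp_content_t` types and the `unexpected_targets` helper are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed audit.log lines; webapp_t and webapp_content_t are hypothetical types.
SAMPLE_LOG = """\
type=AVC msg=audit(1700000000.101:410): avc:  denied  { read } for  pid=2201 comm="uwsgi" name="app.py" scontext=system_u:system_r:webapp_t:s0 tcontext=system_u:object_r:webapp_content_t:s0 tclass=file permissive=1
type=SYSCALL msg=audit(1700000000.101:410): arch=c000003e syscall=257 success=yes comm="uwsgi"
type=AVC msg=audit(1700000000.230:411): avc:  denied  { open getattr } for  pid=2201 comm="uwsgi" name="app.py" scontext=system_u:system_r:webapp_t:s0 tcontext=system_u:object_r:webapp_content_t:s0 tclass=file permissive=1
type=AVC msg=audit(1700000001.007:412): avc:  denied  { name_bind } for  pid=2201 comm="uwsgi" src=80 scontext=system_u:system_r:webapp_t:s0 tcontext=system_u:object_r:http_port_t:s0 tclass=tcp_socket permissive=1
type=AVC msg=audit(1700000001.512:413): avc:  denied  { create } for  pid=2201 comm="uwsgi" scontext=system_u:system_r:webapp_t:s0 tcontext=system_u:system_r:webapp_t:s0 tclass=unix_stream_socket permissive=1
type=AVC msg=audit(1700000002.840:414): avc:  denied  { read } for  pid=2201 comm="uwsgi" name="shadow" scontext=system_u:system_r:webapp_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file permissive=1
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<s>\S+)\s+tcontext=(?P<t>\S+)\s+tclass=(?P<cls>\S+)"
)

def type_of(context):
    # A context is user:role:type[:level]; allow rules are written on the type.
    return context.split(":")[2]

def collect_rules(log_text):
    """Merge denials into {(source_type, target_type, class): {permissions}}."""
    rules = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line) if "type=AVC" in line else None
        if m:
            key = (type_of(m["s"]), type_of(m["t"]), m["cls"])
            rules[key].update(m["perms"].split())
    return rules

def render(rules):
    """Emit one allow rule per key; a domain acting on itself is written 'self'."""
    out = []
    for (src, tgt, cls), perms in sorted(rules.items()):
        target = "self" if tgt == src else tgt
        out.append(f"allow {src} {target}:{cls} {{ {' '.join(sorted(perms))} }};")
    return out

def unexpected_targets(rules, expected):
    """Target types outside the expected set: review these before allowing."""
    return sorted({tgt for (_, tgt, _) in rules if tgt not in expected})

if __name__ == "__main__":
    rules = collect_rules(SAMPLE_LOG)
    print("\n".join(render(rules)))
    print("review:", unexpected_targets(rules, {"webapp_t", "webapp_content_t", "http_port_t"}))
```

A denial such as the `shadow_t` read is the reason generated rules are reviewed rather than loaded as they come: it usually points to a mislabelled file or behaviour the application should not have, not to a rule worth granting.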