Hi!
I wish I could keep (and that I could have kept) this topic up, but what I deem the systemd-suicide by Debian Developers turned me away from Debian.
A lot, a huge lot is losing so much because of this what I deem Debian abandoning of its own true self.
I wish for the Devuan, the Debian non-systemd fork to really take off, and I hope that could still happen. We'll see.
I looked up the suggestion by a member a few post previous to here:
http://main.mepis-deb.org/but that's a false suggestion, IIUC, no mention of grsecurity, so, again: IIUC, or to be sure: correct me if I'm wrong in understanding that they don't offer grsecurity-hardened kernel. And if they don't, it's a false suggestion. Period.
The other suggestion:
https://wiki.debian.org/Mempomay be worth it, but not for all users.
Exampli gratia, I liked to be close to the bleeding edge and install the weekly DVDs, and then compile the grsecurity-hardened kernel for it. Doesn't seem possible with Mempo.
But Mempo is not to be counted out. I really wish those guys succeeded! Their ideas are so pure, so right, and so needed today!
And if you search page 3 of this topic you are reading, this post:
viewtopic.php?f=16&t=108616&&start=30#p555093for an alternative, previously made attempt similar to mine in this topic, you might go on from:
grsecurity source install script for Debian
https://github.com/rickard2/grsecurity-Debian-InstallerSadly, not maintained.
I don't know what future holds.
I terribly liked what I could achieve with having my grsecurity-hardened kernel on the weekly (was it Sid up until a few months ago?, yes I think so), and then, the beauty was that thanks to Thorsten mirabilos Glaser...
The beauty was that then, thanks mirabilos from MirBSD, it was possible to rid myself of the program architecture that is there in most FOSS Linux and their relatives in FOSS, with the true purpose under the hood of its shine, to make for proprietory programs to work on top of [F]ree [O]pen [S]ource [S]oftware.
And proprietory, for which that architecture is there, and sadly lives undisturbed in most Linuces and their relatives of this day...
And yes I mean
dbus based architecture.
And proprietory, in this day and age, means: in the service of the one-ring-to-rule-them-all cravers, dear brothers in *nix.
Look up my tip:
How to Remove Systemd and Related Packages from Your Debian
viewtopic.php?f=16&t=118197And the beauty was that, thanks to that programmer from the BSD community, I was able to rid my Debian of dbus, pulseaudio and all those poetterware programs, along with harden it with my dearest program in all of FOSS, the grsecurity.
Sadly, while what I explained I needed to do in my previous post to this post, and it is this one:
( in this same topic you are reading )
viewtopic.php?f=16&t=108616&&start=45#p566911I did manage to do, it cost me huge time which then I did not have available for so many other things.
I have deployed grsecurity completely in my Gentoo, I know now how to filter traffic in such way that pretty much nothing is unobserved if I get under attack (well, there surely are subjects stronger than me, but I'm not, say, such a subject like Iran was years ago, to deserve those subjects' attention, or like the hackers deserve it who hack into their premises)... Along with having managed deploying iptables properly, and other things...
And I can tell you that Gradm really really does it! Gradm, the grsecurity administration, which, as I said in a few places, needs to be deployed on top of the grsecurity-hardened kernel to account for the few holes that otherwise still remain, as they can not be fixed via solely the kernel patching, which grsecurity does.
My desire to transmit the little but good and very recommendable knowledge that I have gained by now, has not left me, such as to make the next tip some day, the harder one to do, on how to deploy Gradm in Debian. The harder one (then this tip you are reading) to do for newbies, and the harder one (then this tip) to write for me (or if someone else takes over).
It really depends. If Devuan takes off and learns to fly, and if they, this is important, and I'll point them over to these words of mine...
And if they offer a
no-dbus Devuan, which I am not certain it is among their objectives; but if they do, then you may even not see much of me, because then I may get my little free time that I have, I can then start using that time for Devuan only...
But if they don't offer a non-dbus Devuan, then I can't go for Devuan.
I told them this already...
I attempted to say my views generally, and very clumsily, I admit:
https://lists.dyne.org/lurker/message/2 ... 11.en.htmlbut on dbus, I think I said it right, even though in the wider context:
https://lists.dyne.org/lurker/message/2 ... 95.en.htmlwhere find:
"
I count dbus in poetterware-related. You don't have to. I do. Pls. allow for that option!
My take on it you can have also here:
Updating and keeping your Gentoo non-poeterized
https://forums.gentoo.org/viewtopic-t-1012022.html "
and:
https://lists.dyne.org/lurker/message/2 ... 14.en.html"And an opt-out from dbus, official possiblity to have a non-dbus Devuan."
But I'm really not a developer to be able to follow them in the development of Debian, so I withdrew from the discussion.
And if they don't offer a no-dbus Devuan, then I may try and see if modalities still exist here in Debian, to go on where I left, disgusted that not even a simple file of a few kilobytes was allowed in the DVD 1 back when they were all (are they still?) about imposing the freaking systemd on every Debian user, as you can read in this tip of mine:
Air-Gapped Debian Install for Newbies
viewtopic.php?f=16&t=119648&#p564470where find this paragraph:
"
As you can see the systemd vandals have removed the sysvinit time honored and reliable (although a better one should be invented/deployed) init from the disk 1. Namely it is there in the disk-2. For the 129K sysvinit-core_2.88dsf-58_amd64.deb there was no room to be found in the disk-1... It's shame.
"
I don't know which way I will go next, esp. since I'm much more familiar with Gentoo (which is the best for security, and for defence from surveillance, as it is the home of grsecurity-hardening deployed).
And also the way that I showed I believe in, in my tips in these Debian Forums, and which is above all without dbus/poetterware and with grsecurity/PaX, and which I believe is the way to go in today's surveilled society, for anyone who wants to be free and not controlled by unknown to him/her. on that way De[bv][iu]an does not seem to be persevering on, not steadilyy, no, not so well as Gentoo...
And especially I don't know
when I might go the way that I happen to go next in Debian or its fork Devuan.
Thank you all for your kind attention.