Talos?

[Jonathan S. Shapiro]

Has anyone here had occasion to look at the Talos operating system (or rather: linux distro)? It is not a capability system. They claim to have stripped Linux down to a minimal (read: small) and entirely immutable distribution, and to have replaced the entire administrative tool set with an API - there is no console access. It is intended as a node operating system for Kubernetes deployments.

I'm highly doubtful that this is enough to secure a Linux platform, but the combination of a reduced attack surface and a sharply constrained target application set seems like it might be a significant improvement.

Opinions?

Jonathan

[William ML Leslie]

On Thu, 22 Jul 2021, 10:59 pm Jonathan S. Shapiro, <jonathan....@gmail.com> wrote:

 immutable distribution, and to have replaced the entire administrative tool set with an API - there is no console access.

I applaud this. The text console, aimed at humans, is not a great interface for automated use.

[Valerio Bellizzomi]

never heard of it before, it is not even listed on DistroWatch and LWN.net.

I guess one of the most secure OS is HardenedBSD

link: https://hardenedbsd.org/content/about

HardenedBSD's Goals

HardenedBSD aims to implement innovative exploit mitigation and security solutions for the FreeBSD community. Security is like an onion--it's made up of layers. In order to be successful, attackers must peel back each layer. HardenedBSD takes a holistic approach to security by hardening the system and implementing exploit mitigation technologies. We will work with FreeBSD and any other FreeBSD-based project to include our innovations. Our primary goal is to provide a clean-room reimplementation of the publicly-documented parts of the grsecurity patchset for Linux.