this post was submitted on 18 Apr 2025
7 points (88.9% liked)

Void Linux

57 readers
1 users here now

The Void (Linux) distribution

Void is a general purpose operating system, based on the monolithic Linux kernel. Its package system allows you to quickly install, update and remove software; software is provided in binary packages or can be built directly from sources with the help of the XBPS source packages collection.

This community is a mirror/alternative to !voidlinux@lemmy.ml — created for wider accessibility due to federation issues.

Share updates, configs, questions, and anything Void-related here.

founded 1 week ago
MODERATORS
occultist8128@infosec.pub
7
welcome to !voidlinux@infosec.pub (infosec.pub)
submitted 1 week ago by occultist8128@infosec.pub to c/voidlinux@infosec.pub
4 comments fedilink hide all child comments
 

figured i'd spin up a Void Linux community here since the one on lemmy.ml is kinda hard to reach for folks on other instances.

this space is for anyone using (or curious about) Void. ask questions, share tips, show off your setups, or just vibe.

not too many rules, just:

  • keep it Void-related
  • don’t be a jerk
  • no dumb distro fights

that’s it.

drop a post, say hey, share your rice, whatever.

you are viewing a single comment's thread
view the rest of the comments
[–] fishynoob@infosec.pub 1 points 1 week ago (1 children)

Is there a hardened version of void? I'm interested in hardened distributions and like that Void has a musl build, but is there any dialogue from the devs or the community in using void as a hardened server OS?

[–] occultist8128@infosec.pub 1 points 6 days ago (1 children)

void already comes with a pretty solid, hardened kernel setup by default. some of the security features it has out of the box include full ASLR, NX protection, protected symlinks and hardlinks, randomization for kernel heap and SLAB freelists, stack protection with GCC, and a bunch of other things like restricting access to /dev/mem, enforcing read-only kernel and module data, and more. the default bootloader setup also includes things like slub_debug, page_poison, and secure memory allocation. but the default void settings aren't hardened at 100%, because otherwise you would be using OpenBSD lol.

there's also a script called hardening.sh in the void-packages repo. i've seen some folks trying to bring Whonix-style features (i think its name is PlagueOS) or grsecurity/PaX-like standards to Void too, but that’s a pretty big undertaking.

this is the output of checksec --kernel on my machine

○ checksec --kernel
* Kernel protection information:

  Description - List the status of kernel protection mechanisms. Rather than
  inspect kernel mechanisms that may aid in the prevention of exploitation of
  userspace processes, this option lists the status of kernel configuration
  options that harden the kernel itself against attack.

  Kernel config:
/proc/config.gz

  Vanilla Kernel ASLR:                    Full
  NX protection:                          Skipped
  Protected symlinks:                     Enabled
  Protected hardlinks:                    Enabled
  Protected fifos:                        Disabled
  Protected regular:                      Disabled
  Ipv4 reverse path filtering:            Disabled
  Kernel heap randomization:              Enabled
  GCC stack protector support:            Enabled
  GCC stack protector strong:             Enabled
  SLAB freelist randomization:            Enabled
  Virtually-mapped kernel stack:          Enabled
  Restrict /dev/mem access:               Enabled
  Restrict I/O access to /dev/mem:        Enabled
  Exec Shield:                            Unsupported
  YAMA:                                   Active

  Hardened Usercopy:                      Enabled
  Harden str/mem functions:               Enabled

* X86 only:
  Address space layout randomization:     Enabled

* SELinux:                                No SELinux

  SELinux infomation available here:
    http://selinuxproject.org/
[–] fishynoob@infosec.pub 1 points 6 days ago* (last edited 6 days ago) (1 children)

Thank you for the comment. Definitely looks like there's some interest in hardening Void, with that said most of the kernel protections that I see from your checksec output exist on my Debian system too. I will try it out in a VM then.