-
Notifications
You must be signed in to change notification settings - Fork 12
Home
The Certifiable Linux Integration Platform (CLIP) is a system for generating installable Red Hat Enterprise Linux (or CentOS) media that meets a variety of security requirements out-of-the-box. In other words, this thing will automate a bunch of the arduous, error-prone aspects of integration and security. The idea is that developers can add their stuff without having to deal with the painful errata.
Well, we are when it comes to security and integration ;) Really though, the idea here is that systems generated with CLIP address numerous security requirements without you having to do anything at all. It isn't a silver bullet, but it does come with security content from:
Combined, along with a few other tools, these two allow us to automatically perform security audits and remediate any findings. We do this in the kickstart for you so when the system comes up the first time most artifacts have been identified and fixed. We even place the before and after audit results in /root for you to peruse.
We go above and beyond this though. It also ships with a custom Security Enhanced Linux security policy. Many security policies target general purpose use. Not this one. This is is pretty lean when it comes to supported functionality. You might have to make policy modifications to get your custom sauce up and running. But here is the cool part, the approach we've taken is conducive to producing "least privilege" solutions that will likely contain fewer exposures and vulnerabilities.
Simply put, CLIP helps tie everything together and put it into an installable ISO. You can add you own packages, sources or binary, and start using them. The CLIP build system can roll them from source and stick them in the media.
Well, as you can see from our repo URL above, we're Quark Security :) We're security geeks.
You can start with Quark Security's CLIP Build VM. It is dead simple.
If you're feeling bolder I would checkout the repo in Red Hat Enterprise Linux or CentOS 6.4, run ./bootstrap.sh, then run "make clip-rhel-iso". That will generate an ISO you can install and then you can take the deployed CLIP environment for a spin. A ton of documentation is available in the Help-*.txt files in the repo.