AnikOS – the Secure Program Environment

The name of the kernel is AniDroid Hardened Kernel.

AniDroid Hardened Kernel is the first Hardened kernel for Android that uses GRSecurity subsystem to provide different useful Security functionality.

AniDroid Hardened Kernel now is in early stage of developing but it’s almost ready for using and testing on Google (Samsung) Nexus S devices.

AniDroid Hardened Kernel was built with the latest Linaro Toolchain (GCC 4.6.3)

The Main information:

• Linux Kernel version 3.1.10
• GRSecurity version 2.2.2

GRSecurity working feature list:

• Kernel Memory Protection (restrict read/write access to /dev/kmem, /dev/mem, and /dev/port)
• Active Exploits Protection (deter exploit bruteforcing, active kernel exploit response)
• Role Based Access Control (RBAC)
• Filesystem Advanced Protection (including advanced security for applications running in CHROOT environment)
• Full Kernel Auditing (event logging for many kernel events)
• Executable Protection (deter ptrace-based process snooping)
• Network Protection (TCP/UDP blackhole and LAST_ACK DoS prevention)
• Managing support via Sysctl Interface

Included Patchsets:

• Voodoo Sound and Vodoo Colors
• BIGMEM for more available memory
• Backlight Notification(BLN, enabled by default with blinking)
• Backlight Dimmer(BLD, disabled by default)
• Battery Life Extender (BLX, not active for now, need testing)
• TouchWake (TW, enabled by default)
• Custom Voltage Interface

Links:

• Main Project Discussion
• Download Project Files
• Project Source Code

Date: 03.03.2012

AnikOS project became a part of the Lecensees Community of OpenInventionNetwork (OIN) company. OIN, that have the most biggest corporations and companies among it’s founding members as IBM, NEC, Novell, Philips, Red Hat, Sony formed to promote Linux by using patents to create a collaborative environment. It promotes a positive, fertile ecosystem for Linux, which in turns drives innovation and choice in the global marketplace. This helps ensure the continuation of innovation that has benefited software vendors, customers, emerging markets and investors.

You can find more information by the following link: http://openinventionnetwork.com/licensees.php

Date: 10.02.2012

What’s new in Beta 1:

1. Hardened Linux Kernel optimized for Desktop-oriented tasks was updated to 3.2.9 (3.2.9 Hardened Gentoo) version;
2. Glibc system library was updated to 2.14.1 (2.14.1-r2 Hardened Gentoo) version;
3. All distro was recompiled with GCC 4.6.2 (4.6.2 Hardened Gentoo);
4. Cinnamon Desktop environment 1.3.1 is used as default, GNOME was updated to 3.2.1 version;
5. Mesa OpenGL environment was updated to 8.0.1 version;
6. Xorg Server was updated to 1.11.4 version;
7. MS Windows program execution environment Wine wes updated to 1.4.0 version;
8. Mozilla Firefox web browser wes updated to 11.0 version;
9. Mozilla Thunderbird mail client was updated to 11.0 version;
10. LibreOffice office suite was updated to 3.4.5.2 version;
11. Samba SMB file sharing environment was updated to 3.6.3 version;
12. Binary package repository framework Entropy that also includes console application Equo and GUI application Sulfur was updated to 1.0 RC87 version;
13. Many other packages were updated to their latest versions;
14. The full changelog will be available due to Beta 1.

Date: 07.02.2012

What’s new in Alpha 6:

1. Hardened Linux Kernel was updated to 2.6.39.3 (2.6.39-r9 Hardened Gentoo) version;
2. Glibc system library was updated to 2.13-r4 version;
3. GRUB system bootloader was updated to version 1.99-r4;
4. IPTables program environment for OS network packet filter management subsystem were updated to 1.4.12 version;
5. Initial device detection support with Dracut 010-r3, unscratched boot support with Plymouth 0.8.3-r3 and Plymouth-openrc-plugin 0.1.2;
6. USB Security Token and Smart-Card support with OpenSC 0.12.1 and PCSC-Lite 1.6.6;
7. Boost tools and libraries were updated to 1.47 version;
8. Live mode initialization tools Sabayonlive Tools were updated to 2.3-r8 versions;
9. Calculate additional libraries and tools (Calculate Intall and so on) were updated to 2.2.20-r2 versions;
10. Automatic graphical card detection tool GPU Detector was updated to 2.5.0-r1;
11. Xorg Server was updated to 1.10.3 version, Xorg Drivers – to 1.11 version;
12. MS Windows program execution environment Wine wes updated to 1.3.24 version, Winetricks configuration tool was updated to 672 version;
13. Mozilla Firefox web browser wes updated to 5.0-r2 Gentoo version;
14. Abobe Flash Pleer and plugins were updated to 11.0.1.60 version;
15. Mozilla Thunderbird updated 5.0, Enigmail was deprecated and has been completely removed;
16. LibreOffice office suite was updated to 3.4.1.3 version;
17. P2P network client Transmission was updated to 2.33 version;
18. Gstreamer and plugins were updated to 0.10.35 versions;
19. Samba SMB file sharing environment was updated to 3.5.9 version;
20. Distribution now includes binary package repository tools Entropy 1.0 RC27 that also includes Equo and Sulfur tools;
21. Many other packages were updated to their latest versions;
22. The full changelog will be available due to alpha 6 release.

Date: 16.07.2011

What’s new in Alpha 5:

1. Hardened Linux Kernel was updated to 2.6.39-r2 Hardened Gentoo version;
2. Grub updated to 1.99-r2 Gentoo version;
3. Mozilla Firefox was downgraded to stable 4.0.1 and Xulrunner wad downgraded to stable 2.0.1 versions due to stabulity issues;
4. Added Rhythmbox 0.13.3 as a default music pleer in Workstation version on distribution;
5. Added GRandr 0.1 utility as a frontend for XRandr for changing monitor modes (resolutions and orientation);
6. Added testing LDAP authentication feature via OpenLDAP and PAM_LDAP, NSS_LDAP modules;
7. Added testing Binary Package Manager support based on Entropy Package Manager 1.0 rc10 (from Sabayon Linux Project);
8. IPTables was updated to Gentoo version 1.4.11.1-r2;
9. Many other packages updated to the last versions (see full changelog).

Date: 22.06.2011

What’s new in Alpha 4:

1. All distribution was rebuild with GCC Hardened 4.5.2 against 4.4.5 in previous Alpha releases;
2. Linux Kernal was updated to 2.6.39-r1 Hardened Gentoo version;
3. Main GUI environment is now based on Gnome 2.32+ against Xfce 4.8 in previous Alpha releases;
4. HAL has been completely removed;
5. IPTables was updated to 1.4.11.1 version;
6. GRadm was updated to 2.2.2.201106072007 version;
7. IPRoute2 was updated to 2.6.38 version;
8. Wine was updated to 1.3.21 version;
9. Mozilla Firefox Web browser and Xulrunner were updated to 5.0 beta5 version;
10. PSAD 2.1.7 was added – the Intrusion Detection and Log Analysis tool that uses IPTables;
11. GParted 0.8.0 was added with the following FS support: ext3, ext4, reiserfs, xfs, btrfs, fat, ntfs;
12. Truecrypt was updated to 7.0a-r5 Gentoo version;
13. X.org Server was updated to 1.10.2 version;
14. Glib was updated to 2.28.8 version;
15. The full Changelog will be available in next few days.

Date: 11.06.2011

Changes in Alpha 3:

1. Linux kernel was updated from 2.6.38.6 to 2.6.39 and was built with additional Transparent Hugepage feature support;
2. Google Chromium 12.0.742 has been removed;
3. The following features have been added and the following package updates were provided:

• Anonymous Internet resources interconnection feature through Tor Network (Tor 0.2.1.30 and TSocks 1.8_beta5-r5);
• LUKS encrypted block device support using CryptSetup (CryptSetup 1.2.0-r1);
• GPGme 1.3.0 as PGP implementation for File Integrity Control and File Encryption (GPGme-1.3.0-r1);
• Updated PAM_USB pam module to provide authentification using external USB device;
• Sabayonlive-tools updated from 2.3-r5 to 2.3-r6;
• XFce4-xkb-plugin updated from 0.5.4.0_p20110501 to 0.5.4.1;
• Transmission-base updated from 2.22 to 2.31;
• Transmission-gtk+ updated from 2.22 to 2.31;
• ACPId updated from 2.0.6 to 2.0.9;
• Pyopenssl updated from 0.11 to 0.12;
• GStreamer updated from 0.10.31 to 0.10.32-r1;
• All supported GST-Plugins updated to the latest versions;
• GST-Python updated from 0.10.20 to 0.10.21;
• Glib-Networking updated from 2.28.6.1 to 2.28.7;
• Calculate-Install and Calculate-Lib updated from 2.2.15 to 2.2.15-r1;
• XScreensaver updated from 5.13 to 5.14.

Date: 26.05.2011

What’s new in Alpha 2:

1. Linux Kernel 2.6.38.6 with GRsecurity and PAX patchsets with Full Execution Audit enabled, optimized for desktop performance using Low Latency Desktop and Process Group features enabled;
2. Glibc 2.13 and GCC Hardened 4.4.5 p1.2, pie-0.4.5;
3. Xorg Server 1.10.1, LibDRM 2.4.25, Mesa 7.10.2;
4. XFce 4.8 + Thunar File Manager 1.2.1 Slim Desktop Manager with some beautilul fonts and artwork;
5. System Locales are anly en_US and ru_RU for now with full UTF-8 support;
6. Wine 1.3.20 for running various MS Windows applications;
7. Office applications provided by LibreOffice 3.3.2.2;
8. Web Browsers: Google Chromium 12.0.742 and Mozilla Firefox 4.0.1;
9. Mail Client: Mozilla Thunderbird 3.1.10;
10. Data Sync and Data Backup features by DejaDup and Grsync;
11. Other alpplications: VoIP support by Ekiga 3.2.7, P2P protocols support by Transmission 2.31 and some other staff (will be customized till first Beta release);
12. Personal Firewall GUI (iptables frontend) by Firewall Builder 4.2 + predefined rules;
13. SMB File Sharing with Samba 3.5.8+;
14. Saving personal data into encrypted data container using TrueCrypt 7.0a;
15. PAM_USB pam module to provide authentification using external USB device.

Date: 23.05.2011

AnikOS is an effort to build a secure and usable linux distro
to use on any security-critical Desktop or Server.
AnikOS is based on current Gentoo and Hardened Gentoo and built entirely from source.
It was the initial build and soon became deprecated.

Date: 22.05.2011