HardenedBSD is gaining a lot of traction. We maintain our own packages to ensure proper ABI/API compatibility with HardenedBSD. We are looking for those who would be interested in mirroring our package repositories. You'd be looking at 2x50GB per repository. Right now, we only have one repo for 11-CURRENT/amd64. But we will soon be expanding to also building 10-STABLE/amd64 packages as well. We are currently restructuring the way our repo works. Of course, if you decide to become an official mirror, your name will be listed on our donors page. We appreciate the help and support the community has given us already and we look forward to working further with the community as we grow. Please contact us at core@hardenedbsd.org to discuss further details.

secadm 0.2.3 is here! This release contains a number of bug fixes and enhancements. Most notably we've backported Integriforce to HardenedBSD 10-STABLE. Read on below for the changelog and download links.

We've released a new version of secadm, aiming to fix a number of bugs. Continue reading for the ChangeLog and the download links.

We mostly finished the backport of our 11-CURRENT patches to 10-STABLE this week. This means that those who have a preference not to use 11-CURRENT (and we don't blame them) can now have the comfort of having exploit mitigation features in a more stable branch. The backport is currently in an experimental branch (hardened/experimental/10-stable) but will be promoted to a stable branch (hardened/10-stable/master) in around a month if we deem it to be stable. We will soon be providing amd64 packages as well.

Over the past few months, Oliver has been busy writing a new exploit mitigation feature for HardenedBSD: NoExec. The first part of this project was merged into master tree, and there are still ongoing issues to solve. Our implementation is inspired by PaX's. NoExec prevents pages that are marked as writable from being marked executable as well.