Fortress - A hardened Gentoo

Hello everyone!

If you have been on the forum, you probably have seen all of these “Linux sucks for security” and people recommending the good old madaidan guide.

This should no longer be the standard! Currently we are working on a hardened Gentoo system that has everything you could ever wish for.
Except a release, or actually most things. We are at a point where most basic things can be done with an easy install, without having to manually work with 10.000 different files.

If you are interested in development of what is supposed to be the most secure Linux possible, feel free to join our Matrix room!
The link is: https://matrix.to/#/#fortress:tchncs.de

If you have any questions, feel free to ask me here or to join the Matrix room.

Is this project similar to the Kicksecure project for Debian?

This sounds cool! Can you give us some insight into the security features?

I personally do not know everything about Kicksecure, but it should be different.

According to my knowledge, Kicksecure still (mostly at least) uses the stock OS and builds on top of it.
While some things are similar, there also are a lot of differences. Starting with the installation.
Fortress has its own installer (CLI), and we're currently also working on moving away from the stock stage3 tarball to a modified (more hardened) stage3 tarball.

Of course! I am unable to list everything, but here are some examples we have currently implemented. Some parts will change in the future, for example how hardened the base stage3 tarball is.

In short: We are implementing as much of Linux Hardening Guide | Madaidan's Insecurities as possible. This requires a lot of testing & patching. Keeping Chromium up to date, for example, is a huge task, as we need a ton of extensions.

Some examples:

| What | Why | Status |
|---|---|---|
| Hardened compile flags | Make C & C++ applications as secure as reasonably possible. | Finished |
| Hardened installation | Secure from the beginning; no insecure default state before the first boot. | Finished |
| Musl as C library | Small attack surface. | Finished |
| Verified Boot & UEFI only | Ensuring integrity of the system. | Partly finished |

That's cool, can't wait to try it!