# How would you create a "security" OS?



## walterbyrd (Nov 11, 2019)

If you wanted to make something for digital forensics, penetration testing, and the like:

1. Which BSD would you use? OpenBSD, FreeBSD, or any BSD?
2. Other than `nmap`, what are a few "must have" apps?
3. What sort of configuration setup would be needed? Encrypted filesystem? Enhanced firewall? BTW: I suspect any kind of security OS would have to be well protected itself.
4. What would absolutely not install and/or what configuration would you absolutely avoid?
5. Would you use such a system for your everyday desktop? Web surfing and the like?


----------



## rigoletto@ (Nov 11, 2019)

If you want something with tooling to do tests against other systems, any OS with the tooling you need should work. If you want an OS matching the requirements for *extreme* security you should start learning about formal methods, high-integrity and safety-critical systems,  and Ada/SPARK language.

Best I can do about available open-source kernels is point you to seL4, Muen, and also MirageOS.

In other words, start by getting a PhD in Mathematics or CS.


----------



## Phishfry (Nov 11, 2019)

For pen testing and exploitation:
net-mgmt/aircrack-ng
security/metasploit
Depending on your local laws possession of these programs could be illegal.


----------



## walterbyrd (Nov 12, 2019)

Phishfry said:


> For pen testing and exploitation:
> net-mgmt/aircrack-ng
> security/metasploit
> Depending on your local laws possession of these programs could be illegal.



Surprised to learn that possession of such tools could be illegal. These tools do have legit uses. 

BTW: do those tools run on FreeBSD?


----------



## Phishfry (Nov 12, 2019)

walterbyrd said:


> Surprised to learn that possession of such tools could be illegal. These tools do have legit uses.
> 
> BTW: do those tools run on FreeBSD?


I had to give a disclaimer because depending on how you use these tools they could be illegal even in the USA.
Now consider possesing these tools in Uzbekistan or Kazakhstan. These programs would be illegal there.
Even Germany has pretty ominous laws about hacking tools.

The freshports site contains information on every port that is available in the FreeBSD ports tree. So yes, they are available.


----------

