On Sun, Aug 11, 2013 at 5:27 AM, coderman <coderman@gmail.com> wrote:

if i were to summarize what i have found effective against dedicated
and resourceful attackers (again, i can't go into details :) this
would be the top 5:

1. use a common distro, but rebuild critical components - bootloader,
initramfs, openssl, openssh, the kernel, gnutls, libgmp, use 64bit,
etc.

By "rebuild" do you mean compile it yourself or are you talking full-up review and rewrite? The former should be no problem for anyone capable of setting up a secure hosting service. The latter is probably beyond the means of small teams in any commercially reasonable timeframe.

--
Neca eos omnes. Deus suos agnoscet. -- Arnaud-Amaury, 1209