Re: Grsecurity patches on Debian

To: Andras Got <andrej@antiszoc.hu>
Cc: Marcus Williams <marcus@quintic.co.uk>, debian-security@lists.debian.org
Subject: Re: Grsecurity patches on Debian
From: Thomas Sjögren <thomas@northernsecurity.net>
Date: Mon, 7 Feb 2005 16:11:00 +0100
Message-id: <[🔎] 20050207151100.GA4215@northernsecurity.net>
Reply-to: thomas@northernsecurity.net
In-reply-to: <[🔎] 420768AF.4030200@antiszoc.hu>
References: <[🔎] 4207644F.8070600@quintic.co.uk> <[🔎] 420768AF.4030200@antiszoc.hu>

On Mon, Feb 07, 2005 at 02:10:07PM +0100, Andras Got wrote:
> You should start with grsec low and proc restricions set customly. 
> Hardening your kernel is always a option. 

Running grsec isn't a problem, I use on both clients and servers.
Dont start with grsec low but with the custom option,
CONFIG_GRKERNSEC_CUSTOM and read the help sections.

> The grsec default high settings, 

IIRC it defaults to custom.

> and PaX break Jetty (java server container) in two, so it simply won't 
> start, gradm won't help as I know. 

changing PaX-settings is done by chpax or paxctl. gradm is for the acl. if something breaks
chpax -peMRXs usually works, after that its about fine tuning.

/Thomas
--

Attachment: signature.asc
Description: Digital signature

Reply to:

Follow-Ups:
- Re: Grsecurity patches on Debian
  - From: Andras Got <andrej@antiszoc.hu>

References:
- Grsecurity patches on Debian
  - From: Marcus Williams <marcus@quintic.co.uk>
- Re: Grsecurity patches on Debian
  - From: Andras Got <andrej@antiszoc.hu>

Prev by Date: Re: Grsecurity patches on Debian
Next by Date: Re: Grsecurity patches on Debian
Previous by thread: Re: Grsecurity patches on Debian
Next by thread: Re: Grsecurity patches on Debian
Index(es):
- Date
- Thread