On Fri, 2002-01-18 at 22:15, Hassard, Stephen wrote:
> I'm not sure if anyone has tried this one, but a fairly extensive patch set
> for the 2.4 series of kernels is available called grsecurity
> (http://www.grsecurity.net). It includes whole whacks of stuff (take a look
> at the "features" page http://www.grsecurity.net/features.htm) .. I haven't
> had a chance to try it out, but it looks promising.
> openwall works only w/ 2.2.x kernels unless they've released
> > 2.4.x stuff

I will not vouch for the quality of GRSecurity, but it does implement Openwall on the 2.4 series. In comparison with LIDS it does not have the same requirement for pre-reboot configuration. GRSecurity features ACLs, but they can be set only for the files that need them.

It was a breeze to patch and compile. I have it in production on dozens of machines running IPSec and bridging amongst other things. I have no problems related to the patch. (I mention this because GRSecurity also increases the randomness of the network traffic in particular, so that it becomes virtually impossible to guess the operating system with an ``nmap -O''. It messes with many different aspects of the system.)

I would like to see others try it out and comment on this, because it looks very, very promising.

-- 
Lars Bahner, http://lars.bahner.com/
Nihil est sine ratione cur potius sit, quam non sit.