Jan Lühr wrote:
* Besides grsecurity patch, pax etc... What other recommendations are there to patch a kernel on a woody or sarge production server? I recently had some trouble with pax (grsecurity) and java (sun). Thus if you use tomcat etc., pax won't be an option.
You have to use chpax/paxctl to disable PaX for the java binary. I am running 2.6.10+GrSec PaX and 2.6.10+RSBAC+PaX with SUN Java 1.5.