
Re: Kernel 2.4.20 and patches to be save?




> How about monolithic kernels? Sure, they won't eliminate all your
> problems, but the fact of a self-made kernel being monolithic adds
> another layer of security to your context.
>
> If your machines are servers in a production environment, then you should
> consider this option. If they aren't, do what I did: try 2.4.21-rc2
>
> Regards
>
> 	Pope

The kernel I use for production servers is 2.4.20 with the grsecurity.net
patch.  http://www.grsecurity.net version 1.9.9h has the ptrace patch
already in it, so it's the only patch you need for your kernel.

It's a fantastic patch; it has some neat tricks to stop the usual buffer
overflow exploits, stops writes to /dev/kmem and /dev/mem, and also alters
ICMP replies to fool nmap so it has no idea what the machine is running.
All of its options appear in the "make menuconfig" menu, so you can turn
on different options one by one (some have a performance hit).

I use it on all my boxes; it has some great logging features too that help
to make it more obvious if people are trying nasty things.

Anyway, enough from me.  Check out their homepage for more information.

Tim


