Re: Strongest linux - kernel patches

To: debian-security@lists.debian.org
Subject: Re: Strongest linux - kernel patches
From: Alvin Oga <aoga@ns.Linux-Consulting.com>
Date: Tue, 1 Jul 2003 16:27:21 -0700 (PDT)
Message-id: <[🔎] Pine.LNX.3.96.1030701162152.17298A-100000@Maggie.Linux-Consulting.com>
In-reply-to: <[🔎] 20030701185733.GA3987@hotpop.com>

On Tue, 1 Jul 2003, valerian wrote:

> On Tue, Jul 01, 2003 at 02:36:37PM +0200, Javier Castillo Alcibar wrote:
> > Hi all,
> > 
> > I want to setup a new linux server in internet (apache, php, postfix,
> > mysql, dns...), and I would like to patch the standard kernel with some
> > security patches..... but my question is, what patches are the best??
> > 
> >    - Openwall ??
> >    - TrustedDebian ??
> >    - LIDS??

it's not one or the other sorta thing
	- lots of to dos and how much time and $$$ to spend
	vs risk of what happens if they did get into your server
 
> > Any suggestions??
> 
> Check this out:
> http://www.grsecurity.net/features.php

rest of the kernel hardening patches

http://linux-sec.net/Harden/kernel.gwif.html

-- at a minimum, you should be using linux-2.4.21
   and openwall and lids and ..

-- than use the latest php, apache, postfix, mysql, dns
	- probably want to chroot your dns app

	( watch out for any mysql+php incompatibilities at the
	( bleeding edges though

c ya
alvin

Reply to:

Follow-Ups:
- Re: Strongest linux - kernel patches
  - From: Thomas Sjögren <thomas@northernsecurity.net>
- Re: Strongest linux - kernel patches
  - From: Preben Randhol <randhol@pvv.org>

References:
- Re: Strongest linux
  - From: valerian <valerian2@hotpop.com>

Prev by Date: Re: OT: An Idea for an IDS
Next by Date: Re: Why is proftpd always started when one update it?
Previous by thread: Re: Strongest linux
Next by thread: Re: Strongest linux - kernel patches
Index(es):
- Date
- Thread