Re: VPN Firewall Kernel
On Thu, 1 Apr 2004 17:59, michbec@t-online.de (Michael Becker) wrote:
> If you just want a kernel, with almost everything in there belonging
> to security, have a look at WOLK (Working OverLoaded Kernel)
> at http://sourceforge.net/projects/wolk
It appears that WOLK is not in Debian. I would guess that given it's aim to
include as many patches as possible it would conflict with most other kernel
patches (including the Debian kernel patch). If you feel that the Debian
kernel-source packages provide no benefit for you then this may be OK.
Neither the URL you provide nor the Freshmeat entry list what patches are
included in WOLK.
In Debian there are patches for exec-shield, SE Linux, GRSecurity, and the
Adamantix kernel patch (PAX + RSBAC + maybe some other things).
If you use one of the kernel patch packages in Debian then it will usually
apply to the Debian kernel-source packages, and you can have some expectation
of it being maintained for future kernel versions. Also there is a better
chance that other Debian kernel patches will work with it. You might
consider that this is not a problem if you have the skill and time to merge
patches whenever you build a new kernel, but it can be convenient to save the
time.
Another option is to use a kernel source tree provided by another
distribution. The "Hardened Gentoo" people are doing some interesting stuff
in regard to kernel security patches. Compiling Gentoo kernel source on and
for a Debian machine should not cause any problems.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
Reply to: