Re: Grsecurity patches on Debian


You should start with grsec low and custom proc restrictions. Hardening your kernel is always an option. The grsec default high settings and PaX break Jetty (Java server container) in two, so it simply won't start; gradm won't help, as far as I know. After the grsec default low settings you should read about the functions grsec has, and consider which ones are good for you or worth using. I have grsec default high (+ the new extras set) kernels on gateways and one prod webserver. It works very well so far. Grsec+PaX itself won't break any program that doesn't do anything weird or unusual and suspicious. When you use chroot (postfix uses it by default), grsec can harden your chroot systems very well.


Has anyone any advice on using grsecurity on a server running Debian (testing) - I'm thinking about patching my new kernel with the grsecurity stuff and starting to use it but I'm unsure of what I can expect. Are the defaults going to break (or stop from functioning) anything obvious (namely sshd/apache etc)? This is a remote box so I want to avoid losing network access etc.

Initially I'm going to set it up as in the Quick Start docs on the grsecurity site. Has anyone advice where to start after that?



