Re: Grsecurity patches on Debian

To: debian-security@lists.debian.org
Subject: Re: Grsecurity patches on Debian
From: Jan Lühr <jluehr@gmx.net>
Date: Mon, 7 Feb 2005 15:13:59 +0100
Message-id: <[🔎] 200502071513.59712.jluehr@gmx.net>
In-reply-to: <[🔎] 420768AF.4030200@antiszoc.hu>
References: <[🔎] 4207644F.8070600@quintic.co.uk> <[🔎] 420768AF.4030200@antiszoc.hu>

Greetings,..

Am Montag, 7. Februar 2005 14:10 schrieb Andras Got:
> Hi,
>
> You should start with grsec low and proc restricions set customly.
> Hardening your kernel is always a option. The grsec default high settings,
> and PaX break Jetty (java server container) in two, so it simply won't
> start, gradm won't help as I know. After the grsec default low settings you
> should read about the functions grsec has, and consider which one is good
> for you or worth using. I have grsec deafult high (+ the new extras set)
> kernels on gateways and one prod webserver. It works very well so far.
> Grsec+PaX itself won't break any program, that don't do anything wierd or
> unusual and suspicous. When you use chroot (postfix uses it by default),
> grsec can harden very vell your chroot systems.

Well, once I had some trouble using wine on an openwall patched terminal 
server.
I don't know, whetere these issue still apply.

Keep smiling
yanosz
-- 
Achtung: Die E-Mail-Adresse jluehr@netcologne.de wird in Kürze 
deaktiviert werden. Bitte nutzen Sie die Adresse
jluehr@gmx.net

Reply to:

References:
- Grsecurity patches on Debian
  - From: Marcus Williams <marcus@quintic.co.uk>
- Re: Grsecurity patches on Debian
  - From: Andras Got <andrej@antiszoc.hu>

Prev by Date: Re: Compromised system - still ok?
Next by Date: Re: Grsecurity patches on Debian
Previous by thread: Re: Grsecurity patches on Debian
Next by thread: Re: Grsecurity patches on Debian
Index(es):
- Date
- Thread