[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Grsecurity patches on Debian


Am Montag, 7. Februar 2005 14:10 schrieb Andras Got:
> Hi,
> You should start with grsec low and proc restricions set customly.
> Hardening your kernel is always a option. The grsec default high settings,
> and PaX break Jetty (java server container) in two, so it simply won't
> start, gradm won't help as I know. After the grsec default low settings you
> should read about the functions grsec has, and consider which one is good
> for you or worth using. I have grsec deafult high (+ the new extras set)
> kernels on gateways and one prod webserver. It works very well so far.
> Grsec+PaX itself won't break any program, that don't do anything wierd or
> unusual and suspicous. When you use chroot (postfix uses it by default),
> grsec can harden very vell your chroot systems.

Well, once I had some trouble using wine on an openwall patched terminal 
I don't know, whetere these issue still apply.

Keep smiling
Achtung: Die E-Mail-Adresse jluehr@netcologne.de wird in Kürze 
deaktiviert werden. Bitte nutzen Sie die Adresse

Reply to: