[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Grsecurity patches on Debian

On Mon, Feb 07, 2005 at 02:10:07PM +0100, Andras Got wrote:
> You should start with grsec low and proc restricions set customly. 
> Hardening your kernel is always a option. 

Running grsec isn't a problem, I use on both clients and servers.
Dont start with grsec low but with the custom option,
CONFIG_GRKERNSEC_CUSTOM and read the help sections.

> The grsec default high settings, 

IIRC it defaults to custom.

> and PaX break Jetty (java server container) in two, so it simply won't 
> start, gradm won't help as I know. 

changing PaX-settings is done by chpax or paxctl. gradm is for the acl. if something breaks
chpax -peMRXs usually works, after that its about fine tuning.


Attachment: signature.asc
Description: Digital signature

Reply to: