[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Grsecurity patches on Debian


That's it, the chpax. I tried these things almost a year ago with JSP thingy. I googled and the like, but chpax didn't help.

I meant that I selected high settings, then selected custom, then did some changes. :)


Thomas Sjögren írta:

On Mon, Feb 07, 2005 at 02:10:07PM +0100, Andras Got wrote:

You should start with grsec low and proc restricions set customly. Hardening your kernel is always a option.

Running grsec isn't a problem, I use on both clients and servers.
Dont start with grsec low but with the custom option,
CONFIG_GRKERNSEC_CUSTOM and read the help sections.

The grsec default high settings,

IIRC it defaults to custom.

and PaX break Jetty (java server container) in two, so it simply won't start, gradm won't help as I know.

changing PaX-settings is done by chpax or paxctl. gradm is for the acl. if something breaks
chpax -peMRXs usually works, after that its about fine tuning.


Reply to: