On Mon, 19 May 2003, Hubert Chan wrote: > >>>>> "Andrés" == Andrés Roldán <aroldan@fluidsignal.com> writes: > > Andrés> Hi list. I am the CSO of a company and I am going to install > Andrés> several Debian woody machines with a kernel patched with > Andrés> grsecurity. Theses servers will be critical production-ready > The grsecurity patch touches a lot of different parts of the kernel, so > if you plan on applying other patches as well, you may have to do a bit > of patching by hand. If you need to use several conflicting patches (such as grsecurity and XFS), you might consider giving WOLK kernel a test-run. Don't deploy one without first running several stress-tests to make sure it acts properly. Also, make sure to enable only the things you really need. That thing is enormous, even considering the standard kernel size. WOLK stands for Working, Overloaded Linux Kernel. See http://sourceforge.net/projects/wolk/ - basically it is a huge collection of patches, all rewritten to work in unison and meant to be installed as one single patch against the vanilla kernel sources. Luckily 99% of the features are configurable. #disclaimer: I'm just a user, not a developer. (switches back to lurking-mode) -- Mika Boström +358-50-410-9042 \-/ "The Hell is empty, Bostik@lut.fi www.lut.fi/~bostik X and all the devils Security freak, and proud of it. /-\ are here." -W.S.
Attachment:
pgpuYncmMJsna.pgp
Description: PGP signature