Re: Grsecurity patches on Debian
Hi,
You should start with grsec low and proc restricions set customly. Hardening your kernel is always a
option. The grsec default high settings, and PaX break Jetty (java server container) in two, so it
simply won't start, gradm won't help as I know. After the grsec default low settings you should read
about the functions grsec has, and consider which one is good for you or worth using. I have grsec
deafult high (+ the new extras set) kernels on gateways and one prod webserver. It works very well
so far. Grsec+PaX itself won't break any program, that don't do anything wierd or unusual and
suspicous. When you use chroot (postfix uses it by default), grsec can harden very vell your chroot
systems.
Regards,
Andrej
Marcus Williams írta:
Hi -
Has anyone any advice on using grsecurity on a server running Debian
(testing) - I'm thinking about patching my new kernel with the
grsecurity stuff and starting to use it but I'm unsure of what I can
expect. Are the defaults going to break (or stop from functioning)
anything obvious (namely sshd/apache etc)? This is a remote box so I
want to avoid losing network access etc.
Initially I'm going to set it up as in the Quick Start docs on the
grsecurity site. Has anyone advice where to start after that?
Cheers
Marcus
Reply to: