[EnGarde] Re: Finestra 2.4.20 kernel with grsecurity

From: erwin lyndon j. lomibao <eljl_at_nospam>
Date: Wed Feb 12 2003 - 09:38:48 GMT
To: <engarde-users@engardelinux.org>

Any advantage using this over LIDS? I've heard of grsecurity briefly and from what I understand, the ACLs are far easier to manage vs LIDS.

I guess its safe to say that EnGarde users who are happy and have no problems with LIDS can skip this one. Those who wish to play with grsecurity on a non-production machine are welcome to try this out.

-eljl

Eric B. Lubow mumbled:
> All,
>
> Brad Spengler, a developer of grsec has been generous to contribute a
> 2.4.20 kernel with grsecurity instead of LIDS. He built in netfilter
> (iptables) as well as ext3 in case anybody wanted to take advantage of
> those sorts of things. They are available here:
>
> Binary RPM:
>

http://ftp.engardelinux.org/pub/engarde/contrib/RPMS/i686/kernel-2.4.20grsec-2.i686.rpm>
> SRC RPM:
>

http://ftp.engardelinux.org/pub/engarde/contrib/SRPMS/kernel-2.4.20grsec-2.src.rpm>
> A word of warning: Though Brad was generous enough to build this
> package, the webtool still enables/disables LIDS as it configures
> various things. By installing this, you will have the kernel
> functionality but lose some WebTool functionality.
>
> Rather than listing all the grsecurity features here, the web site
> with
> the features list is here:
>
> http://grsecurity.net/features.php
>
> Here are some additional notes and quick grsec tidbits of
> information:
> The GRSecurity Documentation is available at the following URL. It
> is strongly recommended that you read it prior to using this kernel:
> http://grsecurity.net/papers.php
>
> If you want to change the PaX flags on certain binaries, you need
> to
> get this file:
> http://pageexec.virtualave.net/chpax.tar.gz
>
> If you want to use the grsec ACL system, you need this file:
> http://grsecurity.net/gradm-1.7a.tar.gz
>
> grsec is enabled and disabled similar to LIDS (lids:grsec)
> lidsadm -E : gradm -E
> lidsadm -D : gradm -D
>
> It is also not generally necessary to disable grsec, using 'gradm
> -a'
> should generally accomplish whats needed.
>
> Remember, use this kernel at your own risk.
>
>
> --
> Eric Lubow
> Guardian Digital Inc.
> http://www.guardiandigital.com/
> ------------------------------------------------------------------------
> To unsubscribe email engarde-users-request@engardelinux.org
> with "unsubscribe" in the subject of the message.

To unsubscribe email engarde-users-request@engardelinux.org with "unsubscribe" in the subject of the message.

This message: [ Message body ]
Next message: Eric B. Lubow: "[EnGarde] mod_dav RPM"
Previous message: Ewout: "[EnGarde] ip_masq_ipsec.o module gone?"
In reply to: Eric B. Lubow: "[EnGarde] Finestra 2.4.20 kernel with grsecurity"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]