|Main Archive Page > Month Archives > engarde-users archives|
Any advantage using this over LIDS? I've heard of grsecurity briefly and from what I understand, the ACLs are far easier to manage vs LIDS.
I guess its safe to say that EnGarde users who are happy and have no problems with LIDS can skip this one. Those who wish to play with grsecurity on a non-production machine are welcome to try this out.
Eric B. Lubow mumbled:
> Brad Spengler, a developer of grsec has been generous to contribute a
> 2.4.20 kernel with grsecurity instead of LIDS. He built in netfilter
> (iptables) as well as ext3 in case anybody wanted to take advantage of
> those sorts of things. They are available here:
> Binary RPM:
> SRC RPM:
> A word of warning: Though Brad was generous enough to build this
> package, the webtool still enables/disables LIDS as it configures
> various things. By installing this, you will have the kernel
> functionality but lose some WebTool functionality.
> Rather than listing all the grsecurity features here, the web site
> the features list is here:
> Here are some additional notes and quick grsec tidbits of
> The GRSecurity Documentation is available at the following URL. It
> is strongly recommended that you read it prior to using this kernel:
> If you want to change the PaX flags on certain binaries, you need
> get this file:
> If you want to use the grsec ACL system, you need this file:
> grsec is enabled and disabled similar to LIDS (lids:grsec)
> lidsadm -E : gradm -E
> lidsadm -D : gradm -D
> It is also not generally necessary to disable grsec, using 'gradm
> should generally accomplish whats needed.
> Remember, use this kernel at your own risk.
> Eric Lubow
> Guardian Digital Inc.
> To unsubscribe email firstname.lastname@example.org
> with "unsubscribe" in the subject of the message.