Differences
This shows you the differences between two versions of the page.
linux:grsec [2006/02/20 20:34] 193.77.56.193 |
linux:grsec [2009/05/25 00:35] |
||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== Linux / grsecurity kernel patch ====== | ||
- | **Grsecurity** is an innovative approach to security utilizing a multi-layered detection, prevention, and containment model. It is licensed under the GPL. | ||
- | It offers among many other features: | ||
- | * An intelligent and robust Role-Based Access Control (RBAC) system that can generate least privilege policies for your entire system with no configuration | ||
- | * Change root (chroot) hardening | ||
- | * /tmp race prevention | ||
- | * Extensive auditing | ||
- | * Prevention of entire classes of exploits related to address space bugs (from the PaX project) | ||
- | * Additional randomness in the TCP/IP stack | ||
- | * A restriction that allows a user to only view his/her processes | ||
- | * Every security alert or audit contains the IP address of the person that caused the event | ||
- | |||
- | taked from GrSecHomepage :) | ||
- | ==== Links ==== | ||
- | * [[http:// | ||
- | |||
- | |||
- | ===== Instalation ===== | ||
- | |||
- | dowload grsecurity patch for your kernel (2.6.x / 2.4.x) from the [[http:// | ||
- | |||
- | ==== Kernel patching ==== | ||
- | |||
- | server@/ | ||
- | |||
- | ==== kernel 2.4.x tips ==== | ||
- | ==== kernel 2.6.x tips ==== | ||
- | |||
- | ===== Configuration ===== | ||
- | ==== sysctl ==== | ||
- | ==== PaX ==== | ||
- | ==== gdadm ==== | ||
- | TODO | ||
- | |||
- | ==== grsec iptables patch ==== | ||
- | TODO |
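Review bot: Blanking the page from the title through the final "grsec iptables patch" TODO leaves no stub or pointer behind, so the feature summary at the top (RBAC, chroot hardening, /tmp race prevention, the PaX address-space protections) is lost along with the empty sections. The Installation and Configuration headings never got past placeholders and TODO markers, which justifies retiring them, but consider keeping the title, the feature list and the Links entry as a short stub rather than an empty page. If the content is restored later, the "gdadm" heading should read "gradm", the name of grsecurity's RBAC administration tool, and "Instalation" should read "Installation".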