Linux / grsecurity kernel patch
Grsecurity is an innovative approach to security utilizing a multi-layered detection, prevention, and containment model. It is licensed under the GPL. It offers, among many other features:
- An intelligent and robust Role-Based Access Control (RBAC) system that can generate least privilege policies for your entire system with no configuration
- Change root (chroot) hardening
- /tmp race prevention
- Extensive auditing
- Prevention of entire classes of exploits related to address space bugs (from the PaX project)
- Additional randomness in the TCP/IP stack
- A restriction that allows a user to only view his/her processes
- Every security alert or audit contains the IP address of the person that caused the event
taken from GrSecHomepage :)
Links
Installation
Download the grsecurity patch for your kernel (2.6.x / 2.4.x) from the site. You might need to wait a bit for a grsecurity patch for the latest kernel.
Kernel patching
server@/usr/src/linux# zcat ../grsecurity-2.XXX.patch.gz |patch -p1
kernel 2.4.x tips
kernel 2.6.x tips
Configuration
sysctl
PaX
gradm
TODO
grsec iptables patch
TODO