[[linux:grsec]]
Trace: grsec
Show pagesource
AdminRecent ChangesSitemap

This is an old revision of the document!

Linux / grsecurity kernel patch

Grsecurity is an innovative approach to security utilizing a multi-layered detection, prevention, and containment model. It is licensed under the GPL. It offers among many other features:

  • An intelligent and robust Role-Based Access Control (RBAC) system that can generate least privilege policies for your entire system with no configuration
  • Change root (chroot) hardening
  • /tmp race prevention
  • Extensive auditing
  • Prevention of entire classes of exploits related to address space bugs (from the PaX project)
  • Additional randomness in the TCP/IP stack
  • A restriction that allows a user to only view his/her processes
  • Every security alert or audit contains the IP address of the person that caused the event

taked from GrSecHomepage :)

Instalation

dowload grsecurity patch for your kernel (2.6.x / 2.4.x) from the site. You might need to wait a bit for a grsecurity patch for latest kernel.

Kernel patching

server@/usr/src/linux# zcat ../grsecurity-2.XXX.patch.gz |patch -p1

kernel 2.4.x tips

kernel 2.6.x tips

Configuration

sysctl

PaX

gdadm

TODO

grsec iptables patch

TODO
linux/grsec.1140464099.txt.gz · Last modified: 2009/05/25 00:34 (external edit)
Show pagesourceOld revisions
Media ManagerBack to top
CC Attribution-Share Alike 4.0 International
Driven by DokuWiki Recent changes RSS feed Valid CSS Valid XHTML 1.0 ipv6 ready