> When you say you tried it, how did you test? I probably made a premature comment. Nessus probings, for example, were ok for me before trying this kernel. Maybe other friends with more experience can say something. What specific tests are you referring to?
> Can you identify any specific, real world situation where it has helped? > Has it caused problems with any software, or people, or whatever? I just have a small personal debian server running a web and mail servers. Most of the hacking attempts are directed to those. However, apache has many security options (suphp, modsecurity, etc) and is chrooted. I don't think the kernel had a lot to do with this. Apparently, it protects kernel memory, stack overflows and /proc (see below for what is added to this kernel). Other software programs installed appear to be OK. Of course, this kernel-image disables any X servers and programs related to it. There is a kernel source if you need to compile it. I cannot really say it would or would not cause problems to some people. It did not cause any for me. But again, I just run a small box. > This isn't a question aimed at making problems for you, or insulting the > people who are, no doubt, working very hard on the hardening project. I think is great we have brothers and sisters interested on these things... > I really want to know, because I don't have time (currently) to test it > myself, but would happily deploy it to client sites if I could be sure > it would actually achieve anything to improve matters. http://www.debian-hardened.org Hardened Debian kernel sources information. _______________________________________________ Maintainer: Lorenzo Hern�ndez Garc�a-Hierro <[EMAIL PROTECTED]> Features: - grSecurity 2.0.1 - CAN-2004-0109 fix. - CAN-2004-0596 fix. - TCP-stealth for 2.6.7. - Net-dev-random for 2.6.7. - Net-dev-random-drivers for 2.6.7. - SELinux PaX hooks for 2.6.7. - SELinux ipaddr patch. - grSecurity doesn't depend on PaX at all and viceversa. - SELinux updated headers. - Added extra security options to SELinux. - Openswan 2.3.0dr2 (improved IPSec stack). - Fortuna CSRNG. - BINFMT_ELF Loader Local Privilege Escalation Vulnerabilities. > Also, I recall some months ago that some Debian hardening toolkit had > made a miserable mess of the systems of a couple of people on the Debian > lists, by going in and screwing around with various configuration files > for them. > > IIRC, it was some sort of "education about security" package; is this > the same project, or am I thinking of something else? If you are referring to bastille, I think is a good program. Never had any problems with it. Just a little thing here and there, like creating some sort of directory it needed and the like. I believe some of the options need to be carefully considered. -- -JM. �Estos d�as azules y este sol de la infancia �(Antonio Machado-1939) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
