On Mon, 2007-01-15 at 22:08 +0100, Michael wrote:
> Hi Viktors,
> 
> Thanks for all your answers. You mentioned some things I wasn't thinking
> about at all. My solution would only work if I or the other admin (who
> is the owner) would notice increased use in bandwith, and it would only
> work to the point that they can't harm the installation on the server a
> lot.
> 
> You've quite convinced me of your solution, but should I expect a lot
> more work to build and maintain gentoo installs with grsec and hardened?
> 
> For me it won't be much of a problem, but the other admin is still
> learning gentoo (he never used linux before) but he should be able to
> maintain the server without me so it shouldn't be to hard for him
> either... Security is more important of course, but the easier the
> better (or the more automation the better).
> 
> Should I expect to be able to install grsec and hardened and have it
> work just like a normal gentoo install?

Yes pretty much. grsec+pax+hardened-toolchain(even w/o RBAC/SE/RSBAC) 
offers admins a mostly transparent security system that vastly 
improves security on linux. RBAC/SE/RSBAC mostly are for containing 
an intrusion after it's already happened. With grsec+pax+toolchain the 
idea is to prevent the intrusion from happening in the first place.

-- 
Ned Ludd <[EMAIL PROTECTED]>
Gentoo Linux

-- 
[email protected] mailing list

Reply via email to