Op dinsdag 16-01-2007 om 09:16 uur [tijdzone -0800], schreef Ned Ludd:
> On Mon, 2007-01-15 at 22:08 +0100, Michael wrote:
> > 
> > You've quite convinced me of your solution, but should I expect a lot
> > more work to build and maintain gentoo installs with grsec and hardened?
> > 
> > For me it won't be much of a problem, but the other admin is still
> > learning gentoo (he never used linux before) but he should be able to
> > maintain the server without me so it shouldn't be to hard for him
> > either... Security is more important of course, but the easier the
> > better (or the more automation the better).
> > 
> > Should I expect to be able to install grsec and hardened and have it
> > work just like a normal gentoo install?
> 
> Yes pretty much. grsec+pax+hardened-toolchain(even w/o RBAC/SE/RSBAC) 
> offers admins a mostly transparent security system that vastly 
> improves security on linux. RBAC/SE/RSBAC mostly are for containing 
> an intrusion after it's already happened. With grsec+pax+toolchain the 
> idea is to prevent the intrusion from happening in the first place.

I guess this is the way to go then. My last question involves the
overhead caused by these security enhancers. I remember something about
SELinux giving quite a performance penalty, but that's not based on
facts. I don't need any numbers to believe the overhead is small or
anything, I just don't want the dual opteron servers to feel like they
were pentium 3s.

Thanks for all the help so far, everyone who replied has provided very
useful information and I can only hope I can do the same for each one of
you in the future.
Greetings,

Michael

-- 
[email protected] mailing list

Reply via email to