(Hi, I posted this before in
the “portscanning worm?” thread but thought that people might not
have seen it there, 'cause I’ve not had any comments/replies.) I have often considered, and
even tried a couple of times, to set up a hardened box; however, I get confused
between all the different options and all the different implications, what with
SELinux, Grsecurity 1/2, RSBAC, PIE, etc. etc. Also, the kernel patching
concerns me a bit; I would much rather not have to search around and battle to
patch kernels myself if at all possible. I don't get to upgrade the
kernel on my production servers very often, since company policy is 0 downtime. Also, because these are
production servers in use by 1000s of customers, I would have to find a hardened
kernel (or whatever) that would have as small an impact as possible on the current
workings and config of the systems involved. I have all my partitions
formatted (and kernels built) with support for security labels, but that's as
far as I've gotten. Also, the idea of splitting up root's permissions into roles
is an interesting prospect, but I've yet to find decent documentation on how to
implement/use POSIX ROLES.
- [gentoo-server] (Hardened) Converting production Gentoo mail... Jean Blignaut
