On Sat, Dec 10, 2011 at 12:45 PM, Tanstaafl <[email protected]> wrote:

> Hello all,
>
> I'm considering rolling out a new server with gentoo, but wanted to base
> it on the hardened profile, but the docs I've read so far all seem to be a
> bit vague about all the details.
>
> I've been using gentoo for a while on my hobby server, but I installed it
> about 8 years ago, and chose the 'server' profile, and I must say it has
> been a real pleasure to maintain, and the only real hiccup I ever
> experienced was the mailman update that moved the directories for the lists
> without telling me what to do about it (the fix was simple, and the devs
> swiftly fixed the lack of post-install docs).
>
> Does anyone know of a good How-To that covers *all* of the bases? I.e.,
> which model is best - grsecurity, PaX, SELinux - and how best to implement
> it?
>
> Thanks...
>
>
You may be able to get a better response from the -hardened list, but I
built a hardened server a few months ago without much difficulty. As far as
I know, the correct model to use depends on what you want to do with the
server/what security you are looking to implement. When I went hardened, I
used PaX and grsec [1] because it offered the security I was looking for
but didn't restrict userland usability on a server on which I was the only
user. My understanding is that this restriction would be a consequence of
using SELinux.

[1] http://www.gentoo.org/proj/en/hardened/grsecurity.xml

As for a solid comparison of the different models and tutorials for them, I
don't know of any. I just used [1] as well as the PaX page to install and
configure them and I didn't run into any problems.

Hope that helps a bit (and I hopefully didn't describe anything
incorrectly).

- Matt
