On Sat, Dec 10, 2011 at 12:45 PM, Tanstaafl <[email protected]>wrote:
> Hello all, > > I'm considering rolling out a new server with gentoo, but wanted to base > it on the hardened profile, but the docs I've read so far all seem to be a > bit vague about all the details. > > I've been using gentoo for a while on my hobby server, but I installed it > about 8 years ago, and chose the 'server' profile, and I must say it has > been a real pleasure to maintain, and the only real hiccup I ever > experienced was the mailman update that moved the directories for the lists > without telling me what to do about it (the fix was simple, and the devs > swiftly fixed the lack of post-install docs). > > Does anyone know of a good How-To that covers *all* of the bases? Ie, > which model is best - grsecurity, PAX, SeLinux - and how best to implement > it? > > Thanks... > > You may be able to get a better response from the -hardened list, but I built a hardened server a few months ago without much difficulty. As far as I know, the correct model to use depends on what you want to do with the server/what security you are looking to implement. When I went hardened, I used PaX and grsec [1] because it offered the security I was looking for but didn't restrict userland usability on a server on which I was the only user. My understanding is that this restriction would be a consequence of using SeLinux. [1] http://www.gentoo.org/proj/en/hardened/grsecurity.xml As for a solid comparison of the different models and tutorials for them, I don't know of any. I just used [1] as well as the PaX page to install and configure them and I didn't run into any problems. hope that helps a bit (and I hopefully didn't describe anything incorrectly). - Matt

