On 2011-12-10 3:07 PM, Matthew Finkel <[email protected]> wrote:
You may be able to get a better response from the -hardened list,
Dang, I had forgotten gentoo has a bunch of other lists... thanks, just subscribed...
but I built a hardened server a few months ago without much difficulty. As far as I know, the correct model to use depends on what you want to do with the server/what security you are looking to implement. When I went hardened, I used PaX and grsec [1] because it offered the security I was looking for but didn't restrict userland usability on a server on which I was the only user. My understanding is that this restriction would be a consequence of using SeLinux.
Yeah, I was leaning toward avoiding SeLinux already from what I've been reading, thanks...
[1] http://www.gentoo.org/proj/en/hardened/grsecurity.xml As for a solid comparison of the different models and tutorials for them, I don't know of any. I just used [1] as well as the PaX page to install and configure them and I didn't run into any problems.
Good to know, and thanks again...

