On 2011-12-10 3:07 PM, Matthew Finkel <[email protected]> wrote:

You may be able to get a better response from the -hardened list,

Dang, I had forgotten gentoo has a bunch of other lists... thanks, just subscribed...

but I built a hardened server a few months ago without much
difficulty. As far as I know, the correct model to use depends on
what you want to do with the server/what security you are looking to
implement. When I went hardened, I used PaX and grsec [1] because it
offered the security I was looking for but didn't restrict userland
usability on a server on which I was the only user. My understanding
is that this restriction would be a consequence of using SeLinux.

Yeah, I was leaning toward avoiding SeLinux already from what I've been reading, thanks...

[1] http://www.gentoo.org/proj/en/hardened/grsecurity.xml

As for a solid comparison of the different models and tutorials for
them, I don't know of any. I just used [1] as well as the PaX page to
install and configure them and I didn't run into any problems.

Good to know, and thanks again...

Reply via email to