On Dec 11, 2011 3:17 AM, "Tanstaafl" <[email protected]> wrote:
>
> On 2011-12-10 3:07 PM, Matthew Finkel <[email protected]> wrote:
>>
>> You may be able to get a better response from the -hardened list,
>
> Dang, I had forgotten gentoo has a bunch of other lists... thanks, just subscribed...
>

Don't forget gentoo-server! It's full of people who deploy and manage servers daily :-)

>> but I built a hardened server a few months ago without much
>> difficulty. As far as I know, the correct model to use depends on
>> what you want to do with the server/what security you are looking to
>> implement. When I went hardened, I used PaX and grsec [1] because it
>> offered the security I was looking for but didn't restrict userland
>> usability on a server on which I was the only user. My understanding
>> is that this restriction would be a consequence of using SeLinux.
>
> Yeah, I was leaning toward avoiding SeLinux already from what I've been reading, thanks...
>

Nothing beats the security of SELinux. But along with that, there will be a HUGE learning curve and management complexity. GrSec + PaX are enough for me.

>> [1] http://www.gentoo.org/proj/en/hardened/grsecurity.xml
>>
>> As for a solid comparison of the different models and tutorials for
>> them, I don't know of any. I just used [1] as well as the PaX page to
>> install and configure them and I didn't run into any problems.
>
> Good to know, and thanks again...
>

If you decide to deploy PaX, do read the help pages for PaX options; there are settings that might be severely detrimental for certain hardware combinations.

Rgds,

