On Dec 11, 2011 3:17 AM, "Tanstaafl" <[email protected]> wrote:
>
> On 2011-12-10 3:07 PM, Matthew Finkel <[email protected]> wrote:
>>
>>
>> You may be able to get a better response from the -hardened list,
>
>
> Dang, I had forgotten gentoo has a bunch of other lists... thanks, just subscribed...
>

Don't forget gentoo-server! It's full of people who deploy and manage
servers daily :-)

>> but I built a hardened server a few months ago without much
>> difficulty. As far as I know, the correct model to use depends on
>> what you want to do with the server/what security you are looking to
>> implement. When I went hardened, I used PaX and grsec [1] because it
>> offered the security I was looking for but didn't restrict userland
>> usability on a server on which I was the only user. My understanding
>> is that this restriction would be a consequence of using SELinux.
>
>
> Yeah, I was leaning toward avoiding SELinux already from what I've been reading, thanks...
>

Nothing beats the security of SELinux. But along with that, there will be a
HUGE learning curve and management complexity.

GrSec + PaX are enough for me.

>> [1] http://www.gentoo.org/proj/en/hardened/grsecurity.xml
>>
>> As for a solid comparison of the different models and tutorials for
>> them, I don't know of any. I just used [1] as well as the PaX page to
>> install and configure them and I didn't run into any problems.
>
>
> Good to know, and thanks again...
>

If you decide to deploy PaX, do read the help pages for PaX options; there
are settings that might be severely detrimental for certain hardware
combinations.

Rgds,
