Grsec distro, RPM's with default ACL's

Discuss and suggest new grsecurity features

Grsec distro, RPM's with default ACL's

Postby szpak » Thu Apr 22, 2004 9:34 am

As a user of grsec for I think long time I have some questions or even ideas.

1st. Is there a chance to include grsec in main linux kernel tree? (probably not because of selinux :( )
2nd. Is there any distribution with native support for grsecurity? (I saw once grsecurity in mandrake kernel I think, but there was no gradm or other tool, don't saying anything about documentation)
3rd. A little idea. A grsecurity enabled rpm.
Grsecurity acl configuration file allows includes, so can it be that by installing rpm we run a simple script that allows us to add a configuration file to in example /etc/grsec/packages, and if suplied with a password restarts grsec system with new acls.
For example when installing squid cache, squid binary, etc, is rw protected, and only squid binary have acces to cache directory. But that all is supplied by rpm developers or even by source code developers.
So grsec have good use not for only high security servers, but even for not experienced users on desktops.
szpak
 
Posts: 10
Joined: Wed Mar 26, 2003 7:08 am

Postby torne » Thu Apr 22, 2004 11:16 am

Hardened Gentoo can be installed with grsecurity.
torne
 
Posts: 54
Joined: Mon Aug 12, 2002 12:52 pm

Postby Sleight of Mind » Thu Apr 22, 2004 12:30 pm

there's also Adamantix
A debian based distro using PaX and RSBAC (but not grsec itself)
Sleight of Mind
 
Posts: 92
Joined: Tue Apr 08, 2003 10:41 am

Postby To » Wed Jun 16, 2004 10:52 pm

The gentoo default installtion with kernel gentoo sources brings a set a ACL examples too. In terms of security torne's advice it's the best.
Anyway it's the gentoo way :wink:
( I don't want to start a flame war here )

Tó
To
 
Posts: 22
Joined: Thu Dec 05, 2002 8:26 am

Postby torne » Thu Jun 17, 2004 10:07 am

If you use Gentoo and grsecurity you should compile your system from a hardened stage1/2/3 tarball as this will automatically build every package as a position-independant executable, allowing PaX to relocate binaries to random addresses. The hardened stages/profile automatically set up everything needed to have this work.
torne
 
Posts: 54
Joined: Mon Aug 12, 2002 12:52 pm

Re: Grsec distro, RPM's with default ACL's

Postby cormander » Sun Mar 30, 2008 2:42 pm

I hate to bump up an old thread, but this is relevant to the topic.

I've started to maintain grsecurity kernel RPMs. Right now they're for CentOS / Fedora, but will shortly have them for SuSE and Mandrivia as well.

http://www.ravencore.com/grsec/

As of this writing I don't have a gradm RPM, but will be releasing one shortly.

As far as other distributions that use grsecurity in rpm format, there are http://www.pld-linux.org/ and http://www.caoslinux.org/
cormander
 
Posts: 154
Joined: Tue Jan 29, 2008 12:51 pm

Re: Grsec distro, RPM's with default ACL's

Postby To » Fri Apr 18, 2008 6:17 am

thanx;)
To
 
Posts: 22
Joined: Thu Dec 05, 2002 8:26 am


Return to grsecurity development