General questions
Posted: Fri Jul 17, 2015 7:21 am
Hello,
I have some questions with the grsecurity path.
1) I've successfully built a kernel for my compagny with grsecurity that perfectly fits my needs. However, few days (or even few hours later) a new version of the grsecurity package is available.
My concern is about how often I have to reasonably recompile the kernel? Is there a risk to leave an old kernel in production servers like one month ?
It's especially a problem with core database servers, because I have to avoid reboot.
2) It's very difficult to measure the performance overhead. I have configured grsecurity with Automatic, Performance, and Server.
How much overhead I can expect with software like Apache2, php5-fpm, and MySQL ?
Thank you very much.
Karl
I have some questions with the grsecurity path.
1) I've successfully built a kernel for my compagny with grsecurity that perfectly fits my needs. However, few days (or even few hours later) a new version of the grsecurity package is available.
My concern is about how often I have to reasonably recompile the kernel? Is there a risk to leave an old kernel in production servers like one month ?
It's especially a problem with core database servers, because I have to avoid reboot.
2) It's very difficult to measure the performance overhead. I have configured grsecurity with Automatic, Performance, and Server.
How much overhead I can expect with software like Apache2, php5-fpm, and MySQL ?
Thank you very much.
Karl