Hi,
this is my 1st posting to this forum and I would like to know if it is possible to create a vanilla-kernel 2.4.20 with the 2.4.21-rc7 + 2.4.21-rc7-ac1 + grsecurity-1.9.9h-2.4.20.patch ?
If this should be possible, which patch of the 3 above mentioned do I have to install first?
grsec with kernel 2.4.21-rc7-ac1 ?
8 posts
• Page 1 of 1
grsec with kernel 2.4.21-rc7-ac1 ?
by tuxfan » Sun Jun 08, 2003 6:48 pm
- tuxfan
- Posts: 8
- Joined: Sun Jun 08, 2003 6:20 pm
by spender » Mon Jun 09, 2003 2:29 pm
http://grsecurity.net/grsecurity-1.9.10-2.4.21.patch
http://grsecurity.net/grsecurity-2.0-pre5-2.4.21.patch
You will need the current cvs of gradm or gradm2 as well.
-Brad
http://grsecurity.net/grsecurity-2.0-pre5-2.4.21.patch
You will need the current cvs of gradm or gradm2 as well.
-Brad
- spender
- Posts: 2185
- Joined: Wed Feb 20, 2002 8:00 pm
by tuxfan » Tue Jun 10, 2003 8:20 am
Ok, the kernel compilation worked too with patch-2.4.21-rc7.gz and grsecurity-1.9.10-2.4.21.patch.
I configured "low" which includes CONFIG_GRKERNSEC_RANDID=y
At the moment only this option is important to me, because I don't want that somebody can find out, if a network exists, when a client connects to the Internet.
help for CONFIG_GRKERNSEC_RANDID says: "If the sysctl option is enabled, a sysctl option with name "rand_ip_ids" is created" So do I need this, that the id field on all outgoing packets will be randomized? Do I need gradm?
How can I check if "random id" works?
I configured "low" which includes CONFIG_GRKERNSEC_RANDID=y
At the moment only this option is important to me, because I don't want that somebody can find out, if a network exists, when a client connects to the Internet.
help for CONFIG_GRKERNSEC_RANDID says: "If the sysctl option is enabled, a sysctl option with name "rand_ip_ids" is created" So do I need this, that the id field on all outgoing packets will be randomized? Do I need gradm?
How can I check if "random id" works?
- tuxfan
- Posts: 8
- Joined: Sun Jun 08, 2003 6:20 pm
by spender » Tue Jun 10, 2003 10:03 am
Use tcpdump -vv on your machine. Look at the ID fields on the packets you're sending out. They should look random. You can also nmap yourself, it will tell you the class of IP IDs you're sending.
As for it not applying cleanly to -ac1, that's expected. I'll have to make a separate patch for that, but it's not my top priority right now.
-Brad
As for it not applying cleanly to -ac1, that's expected. I'll have to make a separate patch for that, but it's not my top priority right now.
-Brad
- spender
- Posts: 2185
- Joined: Wed Feb 20, 2002 8:00 pm
8 posts
• Page 1 of 1