I am currently using one patch from Con Kolivas page (kernel 2.4.22 grsecurity+xfs). IMHO Grsecurity is the best security patch I have ever seen. But the greatest pain in the bottom is I simply cannot get rid java-related problems when I start my JBoss 3.2.2 server (run.sh -> default conf). The kernel log is always filled up with bunch of:
- Dec 3 12:41:28 core kernel: grsec: From 192.168.200.201: signal 11 sent to (java:2627) UID(0) EUID(0), parent (java:6261) UID(0) EUID(0)
Dec 3 12:41:33 core last message repeated 4 times
Dec 3 12:41:34 core kernel: grsec: more alerts, logging disabled for 10 seconds
Dec 3 12:41:44 core kernel: grsec: signal 11 sent to (java:2627) UID(0) EUID(0), parent (java:6261) UID(0) EUID(0)
Dec 3 12:41:51 core last message repeated 4 times
Dec 3 12:41:51 core kernel: grsec: more alerts, logging disabled for 10 seconds
Dec 3 12:42:02 core kernel: grsec: signal 11 sent to (java:2627) UID(0) EUID(0), parent (java:6261) UID(0) EUID(0)
Dec 3 12:42:02 core last message repeated 4 times
Dec 3 12:42:02 core kernel: grsec: more alerts, logging disabled for 10 seconds
Dec 3 12:42:12 core kernel: grsec: signal 11 sent to (java:2627) UID(0) EUID(0), parent (java:6261) UID(0) EUID(0)
Dec 3 12:42:12 core last message repeated 4 times
Dec 3 12:42:13 core kernel: grsec: more alerts, logging disabled for 10 seconds
For sure:
- Code: Select all
chpax -spmrx /usr/lib/j2se/1.4/jre/bin/java
chpax -spmrx /usr/lib/j2se/1.4/jre/bin/java_vm
chpax -spmrx /opt/j2sdk_nb/j2sdk1.4.2/bin/java
chpax -spmrx /opt/j2sdk_nb/j2sdk1.4.2/jre/bin/java_vm
chpax -spmrx /opt/j2sdk_nb/j2sdk1.4.2/jre/bin/java
is always executed. Any clue??
Thanks in advance
Nef