What is the eastiest way to start gradm when the box boots?

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.

What is the eastiest way to start gradm when the box boots?

Postby abefroman » Mon Mar 29, 2004 10:04 am

What is the eastiest way to start gradm -E automatically when the box boots/reboots?
abefroman
 
Posts: 7
Joined: Sun Mar 28, 2004 4:47 pm

Postby Sleight of Mind » Tue Mar 30, 2004 7:12 am

i suggest something like rc.local, or whatever it is called on your distro
Sleight of Mind
 
Posts: 92
Joined: Tue Apr 08, 2003 10:41 am

Postby argan0n » Wed Mar 31, 2004 2:45 pm

Keep in mind that if you start it from rc.local that it won't be enabled during your boot process until the end as rc.local is usually ran last. So there could be a window of vunerability that an attacker could try to leverage. Much like boot scripts that turn on daemons and bring up the network before applying the firewall rules (as may needed sometimes). Enabling grsec at the beginning of your init cycle, I'm sure, will bring out other issues on the opposite end of the spectrum that would need testing.
Of course this all depends on your distro, setup, use, parnoia, etc.. but I think it is good to be aware of it. YMMV
argan0n
 
Posts: 4
Joined: Fri Mar 12, 2004 12:21 am


Return to grsecurity support