Tips on Grsecurity installation for Debian newbies

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.

Re: Tips on Grsecurity installation for Debian newbies

Postby timbgo » Wed Jun 11, 2014 2:35 pm

As just announced on:
http://forums.debian.net/viewtopic.php? ... 99#p543399

http://www.croatiafidelis.hr/gnu/deb/li ... c-current/
now contains 3.14.6 grsec-patched kernel packages
(with yesterday's grsec test patch)

And at any time, with the current Grsec patch, you can use the script-guide
for beginners from:
https://github.com/miroR/grsec-deb-compile
(or if you want to check the script with PGP:
http://www.croatiafidelis.hr/gnu/deb/gr ... compile.sh
and
http://www.croatiafidelis.hr/gnu/deb/gr ... ile.sh.sig

Bestt is to teach yourself how to easily compile the kernel with grsec-deb-compile.sh
Then you also build a debugger, not anymore found for download on my pages, too slow connection, and for first acquantance with Grsecurity, the packages are still fine.

Miroslav Rovis
http://www.CroatiaFidelis.hr
timbgo
 
Posts: 295
Joined: Tue Apr 16, 2013 9:34 am

Re: Tips on Grsecurity installation for Debian newbies

Postby timbgo » Wed Jul 23, 2014 3:00 am

Sorry for long delay.
As I posted a "coming soon here":
http://forums.debian.net/viewtopic.php? ... 06#p547263
I'm equally passionate about Grsecurity/Pax, only I work so slowly (old age and often poor health), so I'm late finding time for Grsec.
I should be soon posting here with some update. I hope today.
with:
grsecurity-3.0-3.15.5-201407170639.patch
and and that kernel and an appropriate config. for the script:
grsec-deb-compile
as explained previously on:
http://forums.debian.net/viewtopic.php? ... 06#p543399

(For those who understand my worries in my country, I'm still O.K. currently)

Miroslav Rovis
Zagreb, Croatia
http://www.CroatiaFidelis.hr
timbgo
 
Posts: 295
Joined: Tue Apr 16, 2013 9:34 am

Re: Tips on Grsecurity installation for Debian newbies

Postby timbgo » Thu Jul 24, 2014 6:51 am

Since the installation is very Debian specific, it is better befitted there:
http://forums.debian.net/viewtopic.php? ... 21#p547521
(well, as far as the newbies go)

Miroslav Rovis
Zagreb, Croatia
www.CroatiaFidelis.hr
timbgo
 
Posts: 295
Joined: Tue Apr 16, 2013 9:34 am

Re: Tips on Grsecurity installation for Debian newbies

Postby timbgo » Sat Aug 02, 2014 9:02 am

Following my quest for true information about things, I have learned a lot more about things, and it seams to be knowledge that is kinda not liked by forces taking over GNU/Linux and which are not good, nor is it really tolerated to be spread...

That's really what it looks like, people!

As I openly stated here:
When (and if) Gentoo will switch to systemd?
https://forums.gentoo.org/viewtopic-t-9 ... ml#7592902
, and repeated in todays post on Debian, this fruit of my earnest quest for truth resulting in my awareness of these seizmic order of magnitude detrimental changes in GNU/Linux as you can read here:
Defeat and Hope for GNU/Linux
http://forums.debian.net/viewtopic.php?f=3&t=116472
of it that should go away for some reason then, in less user-friendly format, here:
http://www.croatiafidelis.hr/gnu/pts/
filename: Deb_no_LPware_140801.txt
(and check sig and xml)
I was pronto offtopic'd and had to tolerate clever nit picking.
Let it be...

But pls., there are people aware of security around here other than Spender, Pax Team or Ephox, who I really don't mean to bother with my question in this my maximum level of understanding here, which is several classes below their level, no...

But maybe some of you can help and suggest what to try.

Read here, the today's post on my Grsec' Tip page on Debian Forums:
Grsecurity/Pax installation on Debian GNU/Linux
http://forums.debian.net/viewtopic.php? ... 60#p548760

The default Jessie, systemD-estructed Jessie is not an option that I might stay with.

If you can't offer advice on what to do with my current Jessie install, as I ask there (I did search, but nothing specific enough is available, I'd need to sift through huge info, and go basing learning of Debian internals to do the transition to non-systemd, it seems to me)...

Also Mempo ( see http://mempo.org )... not yet... read on the already given link, a few lines above, "Grsecurity/Pax installation on Debian GNU/Linux" my last post, on Mempo...

So, if you can't offer advice on the previous paragraph's default Jessie no-go, can you offer any better than what I'm thinking of choosing, for my old systems that I compile offline from private repo -- see Jigdo tutorial what I install Jessie from --, of which, when I clone the clean offline system, only that clone goes online of the three identical MBO systems)... can you offer any better than this:

Project:Hardened uClibc/Lilblue
https://wiki.gentoo.org/wiki/Project:Ha ... bc/Lilblue

And, and that's what I will do next, just search, later, for my new posts on Gentoo Forums, I will ask people on Gentoo about it. Looks the best thing to do.

Because I am passionate about Free Open Source Software, and those poetteringware is ruining it from the inside, and I can't stand seeing so many people zombified with false software, instead of having shiny freedon for which GNU/Linux was invented...

I won't leave the few people who I managed to teach Grsec on Debian Forums yet, I'll try and keep a system (I can both backup and also recover/clone a system in relatively little time), and post the new Grsec instructions for them, and go back restore LilBlue and go on building and using that Grsecurity based promising true Gentoo variant on one of these three systems of mine that I access internet with...

Miroslav Rovis
Zagreb, Croatia
http://www.CroatiaFidelis.hr
--
publictimestamp.org/ptb/PTB-21273 sha256 2014-08-02 12:01:45
C8792654DB0D24F510F4EAA4C2A14B657F2C1B1009B22C71C5F0F50DC939E098
========= cut all underneath if verifying hashes ============
File corresponding to this post, Grsec_Deb_140802_leaving_Q-1.txt,
has Publictimestamp # 1236956
timbgo
 
Posts: 295
Joined: Tue Apr 16, 2013 9:34 am

Re: Tips on Grsecurity installation for Debian newbies

Postby timbgo » Sat Aug 16, 2014 8:31 am

Just posted a renewed call for engaging in our cause:
Grsecurity/Pax installation on Debian GNU/Linux
http://forums.debian.net/viewtopic.php? ... 30#p550296
timbgo
 
Posts: 295
Joined: Tue Apr 16, 2013 9:34 am

Re: Tips on Grsecurity installation for Debian newbies

Postby timbgo » Sun Aug 17, 2014 5:37 am

Regardless how endangered species anything non-windozed in nowadays GNU/Linux that is becoming a miserable shadow of its own self ...
[1], [2]
I'll keep trying with the truly free and honest programs.

I'm not an expert, but I believe I provided guide useful to beginners.
They are in the same Debian Forum Tips of mine entitles:

Grsecurity/Pax installation on Debian GNU/Linux

If you know some of GNU/Linux, use this one:
http://forums.debian.net/viewtopic.php? ... 90#p550383

If, however, you find it still too hard, go for this one:
http://forums.debian.net/viewtopic.php? ... 90#p550390

Cheers!
Miroslav Rovis
Zagreb, Croatia
http://www.CroatiaFidelis.hr

[1] Where are you Richard Matthew Stallman, who started the GNU religion, I would argue, if I'm allowed to stretch the term a little? Why your voice is not heard about abuses of SELinux on the free software, about now systemD wholesale and very astute, covert assault on things FOSS?
[2] I suggest reading of my article:
Defeat and Hope for GNU/Linux
http://forums.debian.net/viewtopic.php? ... 72#p548548
timbgo
 
Posts: 295
Joined: Tue Apr 16, 2013 9:34 am

Re: Tips on Grsecurity installation for Debian newbies

Postby timbgo » Wed Aug 27, 2014 4:05 am

Just for beginners, really nothing in both this topic and in that one for advanced users, I gave a tip on Debian Forums:
Grsecurity/Pax installation on Debian GNU/Linux
(A typical issue with Grsec kernel, and easy solution
http://forums.debian.net/viewtopic.php? ... 03#p551503

It's on a typical use of paxctl.

Miroslav Rovis
Zagreb, Croatia
http://www.CroatiaFidelis.hr
timbgo
 
Posts: 295
Joined: Tue Apr 16, 2013 9:34 am

Re: Tips on Grsecurity installation for Debian newbies

Postby timbgo » Tue Sep 09, 2014 8:24 pm

New packages, complete packages, tonight:

Grsecurity/Pax installation on Debian GNU/Linux
http://forums.debian.net/viewtopic.php? ... 15#p552715

This time around didn't know what to do because, as reported there:

The:
linux-image-3.16.2-grsec140908-21_3.16.2-grsec140908-21-1_amd64.deb
and:
linux-image-3.16.2-grsec140908-21-dbg_3.16.2-grsec140908-21-1_amd64.deb

have "swapped sizes" somehow.

Pls. see there for more.

Spender and Pax Team, thank you again.

This kernel feels even better than the previous, but that may also be in part because I free my Debian systems from some poetteringware packages.

Pls. see my posts on Debian for that; I am reporting it here in these few words though, because now it is likely that I will be able to live systemd-free in my Debian boxes.

And so I will likely continue to use them, and so I will, Powers of The Universe permitting, continue to maintain these tips for Debian newbies to teach them how to install and use Grsecurity, for their freedom in this Orwellian society, to teach them as well as a somewhat advanced user which I am, but not an expert, can do.

Miroslav Rovis,
Zagreb, Croatia
http://www.CroatiaFidelis.hr
timbgo
 
Posts: 295
Joined: Tue Apr 16, 2013 9:34 am

Re: Tips on Grsecurity installation for Debian newbies

Postby mikeeusa2 » Thu Sep 18, 2014 6:33 am

First make sure you're not using Jessie. Jessie now ships with systemd and you'll have all kinds of problems even without grsecurity.
Wheezy is the last somewhat good, unix-work-alike, debian distro.

Now about the powers of the universe:
The one constant in life is as men find or invent new things to enjoy, their rulers will soon enough regulate or ban those things.
We are not allowed too much joy.

That goes for everything, be it girls, guns, sports, or software.
The best of all that is banned or buried.
mikeeusa2
 
Posts: 60
Joined: Thu May 15, 2008 1:54 am

Re: Tips on Grsecurity installation for Debian newbies

Postby mikeeusa2 » Thu Sep 18, 2014 6:40 am

Thanks for making the packages.
mikeeusa2
 
Posts: 60
Joined: Thu May 15, 2008 1:54 am

Re: Tips on Grsecurity installation for Debian newbies

Postby timbgo » Mon Sep 22, 2014 1:20 pm

mikeeusa2 wrote:Thanks for making the packages.


Thank *you* most kindly, mikeeusa2!
Happy to be useful.

I like all that you wrote, but we must keep to technical things for the most of the time.

Regarding jessie, I've participated in discussions about these frankestein changes in Debian very much. See:

How to avoid stealth installation of systemd?
http://forums.debian.net/viewtopic.php?f=20&t=116770

and other topics. We need to fight for the future of Debian, where gNSAoogl-Linux (it isn't anymore GNU) survives or breaks...

Currently tired from more fights with compromised packages/intrusion/other-but-related issues...

Will post, if the Fate allows, on:

grsec: halting the system due to suspicious kernel crash
viewtopic.php?f=3&t=3709

soon... With some more *new* development along those depicted, written, explained (by spender and PaX Team, some), and presented past development there.

Miroslav Rovis
Zagreb, Croatia
http://www.CroatiaFidelis.hr
timbgo
 
Posts: 295
Joined: Tue Apr 16, 2013 9:34 am

Re: Tips on Grsecurity installation for Debian newbies

Postby timbgo » Sun Oct 05, 2014 5:16 am

Very detailed instructions for newbies (again) and new packages:

Grsecurity/Pax installation on Debian GNU/Linux
http://forums.debian.net/viewtopic.php? ... 86#p555486

EDIT 2014-10-31: New 3.17.1 kernel Grsec packages instructions put in the same address above.

Miro
timbgo
 
Posts: 295
Joined: Tue Apr 16, 2013 9:34 am

Re: Tips on Grsecurity installation for Debian newbies

Postby timbgo » Thu Dec 11, 2014 2:16 am

These days I'll be working on updating my tip in Debian:
Grsecurity/Pax installation on Debian GNU/Linux
http://forums.debian.net/viewtopic.php? ... 45#p563219

It's not been yet two months (it hasn't; see the date on: http://forums.debian.net/viewtopic.php? ... 45#p558410), that I promised I would never allow the idle interval to grow to (and which would signal something might have happened to me, since I was politically persecuted, was almost jailed, and some of my friends were jailed, others emigrated, innocent them and me). I hope you'll be reading from me more yet here, since Grsec is my dearest twin program in the whole of FOSS Linuxdom. Thanks.

EDIT: Made new packages, improved the presentation on Debian Tips section, pls. see there.

Miroslav Rovis
Zagreb, Croatia
http://www.CroatiaFidelis.hr
timbgo
 
Posts: 295
Joined: Tue Apr 16, 2013 9:34 am

Re: Tips on Grsecurity installation for Debian newbies

Postby timbgo » Thu Jan 22, 2015 8:56 pm

Sadly, due to undeniable censorship and likely attempts at setting up spam from my computors to justify that censorship, I have to postpone updating thess tips, as I just wrote on Debian Forums:

Grsecurity/Pax installation on Debian GNU/Linux
http://forums.debian.net/viewtopic.php? ... 11#p566911

I'm working really hard. Really pin my hopes most in Grsecurity Hardening in my fight for freedom on the Internet, and hope to continue soon in the usual more frequent rythm.

Miroslav Rovis
Zagreb, Croatia
http://www.CroatiaFidelis.hr
timbgo
 
Posts: 295
Joined: Tue Apr 16, 2013 9:34 am

Re: Tips on Grsecurity installation for Debian newbies

Postby timbgo » Mon Jul 06, 2015 4:18 pm

A word of conclusion on the Installation tip (and a promise, if I manage to keep it) you can find here:

A no-poetteringware desktop RBAC policy
viewtopic.php?f=5&t=4153&p=15344#p15344

as I let the Debianers/Devuaners know, as well:

Grsecurity/Pax installation on Debian GNU/Linux
http://forums.debian.net/viewtopic.php? ... 60#p584160
timbgo
 
Posts: 295
Joined: Tue Apr 16, 2013 9:34 am

PreviousNext

Return to grsecurity support

cron