Re: Securing Fedora Core 4
From: Joachim Schipper (j.schipper_at_math.uu.nl)
Date: 09/24/05
- Previous message: Fco. Jose Garrido Matamoros: "Re: Securing Fedora Core 4"
- In reply to: Cocobu: "Re: Securing Fedora Core 4"
- Next in thread: Ryan Cummings: "Re: Securing Fedora Core 4"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 24 Sep 2005 22:37:49 +0200 To: focus-linux@securityfocus.com
> AragonX a ?crit :
>
> ><quote who="Cocobu">
> >
> >
> >>A good idea is patching the kernel with grsecurity
> >>(http://www.grsecurity.net/)
> >>
> >>Just my 2 cent.
> >>
> >>
> >
> >That's the 2nd time I've heard that package suggested. I checked out the
> >web site and it looks very powerful. How easy is it to configure and
> >understand?
> >
> >My major problem with SELinux was that it was so complex, I couldn't see
> >everything it was doing easily. That made it a not so good security tool
> >for me because I just had to trust that it was doing the right job and
> >doing it well...
On Fri, Sep 23, 2005 at 02:58:39PM -1000, Cocobu wrote:
> There is a quickstart paper on installing and configuring grsecurity
> (http://www.grsecurity.net/quickstart.pdf)
GrSecurity has the very powerful advantage of working well without
ACLs/MAC. There is a MAC subsystem, to be sure, but what I like most is
the randomization of all and sundry and the hardened chroot() jails.
MAC is complex, difficult to set up, very nonportable and not very
UNIX-like. Chroot() works just fine.
Additionally, the grsecurity patch contains the important kernel
security patches when/if required, and tracks the new kernel pretty well
(though it's a little behind right now).
Joachim
- Previous message: Fco. Jose Garrido Matamoros: "Re: Securing Fedora Core 4"
- In reply to: Cocobu: "Re: Securing Fedora Core 4"
- Next in thread: Ryan Cummings: "Re: Securing Fedora Core 4"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
