On Sat, 10 Dec 2011 15:17:47 -0500
Tanstaafl <tanstaafl@...> wrote:

> Hello all,
> 
> I'm considering rolling out a new server with gentoo, but wanted to
> base it on the hardened profile, but the gentoo docs I've read so far
> all seem to be a bit vague about all the details.
> 
> I've been using gentoo for a while on my hobby server, but I
> installed it about 8 years ago, and chose the 'server' profile, and I
> must say it has been a real pleasure to maintain, with the only real
> hiccup I ever experienced being the mailman update that moved the
> directories for the lists without telling me what to do about it (the
> fix was simple, and the devs swiftly fixed the lack of post-install
> docs).
> 
> Does anyone know of a good How-To that covers *all* of the bases? Ie, 
> which model is best - grsecurity, PAX, SeLinux - and how best to 
> implement it?
> 
> The purpose of this server will be as a mail server (dovecot,
> postfix, amavisd-new/spamassassin, mailman), and hosting a few small
> websites.
> 
> Thanks...
> 

As with most things gentoo, 'best' is a mater of opinion.  I personally
use grsec (includes pax) for hardening and selinux for policies.  To
convert you generally do the following.

profile-config set 12 (this sets to nomultilib selinux)
emerge system
emerge world

Since I'm paranoid revdep-rebuild too.

-- 
Matthew Thode (prometheanfire)