Gentoo Archives: gentoo-hardened

From: Ned Ludd <solar@g.o>
To: rshadow@××××××××××××××.net
Cc: gentoo-hardened@l.g.o
Subject: Re: [gentoo-hardened] First step to securing my server
Date: Thu, 03 Jun 2004 14:40:26
Message-Id: 1086273538.3550.117.camel@simple
In Reply to: Re: [gentoo-hardened] First step to securing my server by Steve B
Please try to Re: to the same thread vs starting a new one each time.

On Thu, 2004-06-03 at 07:04, Steve B wrote:
>
> --- Ned Ludd <solar@g.o> wrote:
> >loading x11 depends on options you enabled in the kernel. If you
> >configured your kernel for PaX (PAGEEXEC/SEGMEXEC) then xfree is going
> >to require extra permissions to run. We have patches that make xfree not
> >require extra permissions to run by using the dlloader. However
> >unfortunately upstream has not been very respective.
>
> Is this patch a separate ebuild that I will have to emerge?

No..

>
> >We will not answer this question. Our views are split on the subject.
> >In the end it's best for the user to decide for him/herself based on his/her needs.
>
> Fair enough. I know very little about grSecurity and basically nothing about selinux so I will have to read up on the both of them before I can make a choice.
>
> >Require? No.. Is it ideal yes. Will it make your life easier? probably not.
> >Will your server be more secure than you started with. We sure fscking hope so or we
> >have been wasting our time rebuilding gcc/glibc/binutils and bootstrapping on an
> >almost daily basis over here.
>
> I am assuming by your response that it would probably be best if I started a build of Gentoo from scratch with hardened gcc.
> Other than the security guide on the Gentoo site, are there any other good resources that you would recommend? Basically I'm not really a security expert
> and I really want to know what I'm doing and at least a little of "why" before I jump into attempting to set up a secure gentoo installation again.

I'd recommend reading the PaX docs from start to finish. Then when you're
done do it again. After you finish that go read the last 10+ phracks.
Rinse and repeat.



> Thanks,
> Steve
>
>
> ______________________________________________________________________
> --
> gentoo-hardened@g.o mailing list
--
Ned Ludd <solar@g.o>
Gentoo (hardened,security,infrastructure,embedded,toolchain) Developer

Attachments

File name MIME type
signature.asc application/pgp-signature