1 |
-----BEGIN PGP SIGNED MESSAGE----- |
2 |
Hash: SHA1 |
3 |
|
4 |
On 17.08.2012 11:47, Grant wrote: |
5 |
>>>> I recently moved my server from: |
6 |
>>>> |
7 |
>>>> 3.2.11-hardened Security Level (Hardened Gentoo [server]) |
8 |
>>>> |
9 |
>>>> to: |
10 |
>>>> |
11 |
>>>> 3.4.5-hardened Configuration Method (Automatic) Usage Type |
12 |
>>>> (Server) Virtualization Type (None) Required Priorities |
13 |
>>>> (Security) |
14 |
>>>> |
15 |
>>>> and http became extremely slow. Some pages that would |
16 |
>>>> normally execute in 1 second would take 10 seconds or more. |
17 |
>>>> There is a lot of php and perl server-side stuff so the |
18 |
>>>> slowdown may have been rooted in that. I changed to Required |
19 |
>>>> Priorities (Performance) and everything sped back up to |
20 |
>>>> normal. My laptop was moved to the following at the same |
21 |
>>>> time and I didn't notice any performance change: |
22 |
>>>> |
23 |
>>>> 3.4.5-hardened Configuration Method (Automatic) Usage Type |
24 |
>>>> (Desktop) Virtualization Type (None) Required Priorities |
25 |
>>>> (Security) |
26 |
>>>> |
27 |
>>>> Is this sort of behavior expected from a server? |
28 |
>>>> |
29 |
>>>> - Grant |
30 |
>>> |
31 |
>>> This may have been a false alarm. I think I've been having |
32 |
>>> intermittent network problems to part of the internet. Can |
33 |
>>> anyone confirm that the above config shouldn't slow down an |
34 |
>>> http server? |
35 |
>>> |
36 |
>>> - Grant |
37 |
>>> |
38 |
>> |
39 |
>> It's hard to make any generalisations but I have some servers |
40 |
>> with similar grsec-autoconfig (server instead of desktop) and no |
41 |
>> noticable slowdown (I'd say nothing more that 10%). I'd recommend |
42 |
>> to use 3.5.1-r2 (testing) or 3.2.27 (stable), though. |
43 |
>> |
44 |
>> WKR Hinnerk |
45 |
> |
46 |
> 3.4.5 is the latest stable, right? |
47 |
> |
48 |
> http://packages.gentoo.org/package/sys-kernel/hardened-sources |
49 |
> |
50 |
> I'm using Server too. I'm using Desktop on my laptop. |
51 |
> |
52 |
> - Grant |
53 |
> |
54 |
|
55 |
Sorry, |
56 |
I misread the part about the laptop. As far as I remember the only |
57 |
supported versions by Upstream are 2.6.32.59 and 3.2.27 as stable and |
58 |
3.5.2 as testing (the versions on grsecurity.net, right now). |
59 |
Other versions aren't supported by upstream. |
60 |
Actually I'm not sure what is stable for gentoo since I'm using ~arch |
61 |
myself. |
62 |
|
63 |
- - Hinnerk |
64 |
-----BEGIN PGP SIGNATURE----- |
65 |
Version: GnuPG v2.0.19 (GNU/Linux) |
66 |
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ |
67 |
|
68 |
iQEcBAEBAgAGBQJQLhWiAAoJEJwwOFaNFkYcvy8IANEV6my1npZhaoWYPcZ8Yt65 |
69 |
sdZIKkcbOmkT4ApEaf3p5BuvNU0FFpnCEKbyrw+40M98WNgKYewuOgVJcHMl0aWq |
70 |
fEJKuGTr9KVavgmnUfudSwh12Fyp9huJ9XzakoFsbjidxqM70U5C1H8AS251ml6F |
71 |
ITvG/9erhB+FnZpBhtb4GCFAYb+VP1fnP1SP4ZZvVHuFRk1OOpxiRJzuNn53M6JD |
72 |
5HQQdOM/6dJYNIPp+7ynTyK+lHYqVkrDDId3pBoLzp9dZxMzTbgAKLfBbaDNm3Uh |
73 |
EXYfi8XvjhDvptJWDV4x9AZghishkseyJDoZwRislAR1pQqG7ypu3iYD7euVM8s= |
74 |
=nv9x |
75 |
-----END PGP SIGNATURE----- |