| 1 |
-----BEGIN PGP SIGNED MESSAGE----- |
| 2 |
Hash: SHA1 |
| 3 |
|
| 4 |
On 17.08.2012 11:47, Grant wrote: |
| 5 |
>>>> I recently moved my server from: |
| 6 |
>>>> |
| 7 |
>>>> 3.2.11-hardened Security Level (Hardened Gentoo [server]) |
| 8 |
>>>> |
| 9 |
>>>> to: |
| 10 |
>>>> |
| 11 |
>>>> 3.4.5-hardened Configuration Method (Automatic) Usage Type |
| 12 |
>>>> (Server) Virtualization Type (None) Required Priorities |
| 13 |
>>>> (Security) |
| 14 |
>>>> |
| 15 |
>>>> and http became extremely slow. Some pages that would |
| 16 |
>>>> normally execute in 1 second would take 10 seconds or more. |
| 17 |
>>>> There is a lot of php and perl server-side stuff so the |
| 18 |
>>>> slowdown may have been rooted in that. I changed to Required |
| 19 |
>>>> Priorities (Performance) and everything sped back up to |
| 20 |
>>>> normal. My laptop was moved to the following at the same |
| 21 |
>>>> time and I didn't notice any performance change: |
| 22 |
>>>> |
| 23 |
>>>> 3.4.5-hardened Configuration Method (Automatic) Usage Type |
| 24 |
>>>> (Desktop) Virtualization Type (None) Required Priorities |
| 25 |
>>>> (Security) |
| 26 |
>>>> |
| 27 |
>>>> Is this sort of behavior expected from a server? |
| 28 |
>>>> |
| 29 |
>>>> - Grant |
| 30 |
>>> |
| 31 |
>>> This may have been a false alarm. I think I've been having |
| 32 |
>>> intermittent network problems to part of the internet. Can |
| 33 |
>>> anyone confirm that the above config shouldn't slow down an |
| 34 |
>>> http server? |
| 35 |
>>> |
| 36 |
>>> - Grant |
| 37 |
>>> |
| 38 |
>> |
| 39 |
>> It's hard to make any generalisations but I have some servers |
| 40 |
>> with similar grsec-autoconfig (server instead of desktop) and no |
| 41 |
>> noticable slowdown (I'd say nothing more that 10%). I'd recommend |
| 42 |
>> to use 3.5.1-r2 (testing) or 3.2.27 (stable), though. |
| 43 |
>> |
| 44 |
>> WKR Hinnerk |
| 45 |
> |
| 46 |
> 3.4.5 is the latest stable, right? |
| 47 |
> |
| 48 |
> http://packages.gentoo.org/package/sys-kernel/hardened-sources |
| 49 |
> |
| 50 |
> I'm using Server too. I'm using Desktop on my laptop. |
| 51 |
> |
| 52 |
> - Grant |
| 53 |
> |
| 54 |
|
| 55 |
Sorry, |
| 56 |
I misread the part about the laptop. As far as I remember the only |
| 57 |
supported versions by Upstream are 2.6.32.59 and 3.2.27 as stable and |
| 58 |
3.5.2 as testing (the versions on grsecurity.net, right now). |
| 59 |
Other versions aren't supported by upstream. |
| 60 |
Actually I'm not sure what is stable for gentoo since I'm using ~arch |
| 61 |
myself. |
| 62 |
|
| 63 |
- - Hinnerk |
| 64 |
-----BEGIN PGP SIGNATURE----- |
| 65 |
Version: GnuPG v2.0.19 (GNU/Linux) |
| 66 |
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ |
| 67 |
|
| 68 |
iQEcBAEBAgAGBQJQLhWiAAoJEJwwOFaNFkYcvy8IANEV6my1npZhaoWYPcZ8Yt65 |
| 69 |
sdZIKkcbOmkT4ApEaf3p5BuvNU0FFpnCEKbyrw+40M98WNgKYewuOgVJcHMl0aWq |
| 70 |
fEJKuGTr9KVavgmnUfudSwh12Fyp9huJ9XzakoFsbjidxqM70U5C1H8AS251ml6F |
| 71 |
ITvG/9erhB+FnZpBhtb4GCFAYb+VP1fnP1SP4ZZvVHuFRk1OOpxiRJzuNn53M6JD |
| 72 |
5HQQdOM/6dJYNIPp+7ynTyK+lHYqVkrDDId3pBoLzp9dZxMzTbgAKLfBbaDNm3Uh |
| 73 |
EXYfi8XvjhDvptJWDV4x9AZghishkseyJDoZwRislAR1pQqG7ypu3iYD7euVM8s= |
| 74 |
=nv9x |
| 75 |
-----END PGP SIGNATURE----- |
Archives