1 |
Chris S wrote: |
2 |
|
3 |
> Rumen Yotov wrote: |
4 |
> |
5 |
>> Hi, |
6 |
>> |
7 |
>> Beside grsec in hardened (grsec2&PaX) there is also the |
8 |
>> PaX-kernel-patch. |
9 |
>> If an app tries to exec data as code, then it's PaX thing. PaX refuses |
10 |
>> to run data as code (if configured). |
11 |
>> Check the logs to see why/who stops the program/s. |
12 |
>> HTH. Rumen |
13 |
>> |
14 |
>> |
15 |
> Thank you, I will check that. However, short of emerging |
16 |
> hardened-sources I actually have not yet turned a single security |
17 |
> feature on (I was waiting until I had the system sorted first). So I |
18 |
> doubt syslog will show much. I will find out however and let you know! |
19 |
> |
20 |
> Cheers |
21 |
|
22 |
Hi, |
23 |
Think there are some (PaX&grsec) features turned ON by default in kernel |
24 |
config. |
25 |
Check the kernel-config and read the PaX docs at: http://pax.grsecurity.net. |
26 |
IMHO PaX config is only done/active in the kernel, later you could |
27 |
change something throu: paxctl or chpax utils on some binaries/apps. |
28 |
Grsec could be configured/changed later more easy (/etc/sysctl.conf & |
29 |
/proc) RBAC/ACL throu gradm. |
30 |
HTH. Rumen |