| 1 |
Chris S wrote: |
| 2 |
|
| 3 |
> Rumen Yotov wrote: |
| 4 |
> |
| 5 |
>> Hi, |
| 6 |
>> |
| 7 |
>> Beside grsec in hardened (grsec2&PaX) there is also the |
| 8 |
>> PaX-kernel-patch. |
| 9 |
>> If an app tries to exec data as code, then it's PaX thing. PaX refuses |
| 10 |
>> to run data as code (if configured). |
| 11 |
>> Check the logs to see why/who stops the program/s. |
| 12 |
>> HTH. Rumen |
| 13 |
>> |
| 14 |
>> |
| 15 |
> Thank you, I will check that. However, short of emerging |
| 16 |
> hardened-sources I actually have not yet turned a single security |
| 17 |
> feature on (I was waiting until I had the system sorted first). So I |
| 18 |
> doubt syslog will show much. I will find out however and let you know! |
| 19 |
> |
| 20 |
> Cheers |
| 21 |
|
| 22 |
Hi, |
| 23 |
Think there are some (PaX&grsec) features turned ON by default in kernel |
| 24 |
config. |
| 25 |
Check the kernel-config and read the PaX docs at: http://pax.grsecurity.net. |
| 26 |
IMHO PaX config is only done/active in the kernel, later you could |
| 27 |
change something throu: paxctl or chpax utils on some binaries/apps. |
| 28 |
Grsec could be configured/changed later more easy (/etc/sysctl.conf & |
| 29 |
/proc) RBAC/ACL throu gradm. |
| 30 |
HTH. Rumen |
Archives