| 1 |
On Sunday 14 December 2003 00:28, Gavin wrote: |
| 2 |
> I really need your expert advice on which path is more likely to lead to |
| 3 |
> success (e.g. grsecurity vs. selinux). I can invest about a week of my |
| 4 |
> time into the setup process, but no more. Thus I dare not try 3 or 4 of |
| 5 |
> the various secure kernal packages before selecting a final one. If things |
| 6 |
> don't work after a week, everything is a bust for me. I can find and fix |
| 7 |
> bugs in Apache 2 and PHP source code, but I'm not yet familiar with the |
| 8 |
> inner working of grsecurity, pax, propolice, selinux .. there's only 24 |
| 9 |
> hours in each day ;) I would like the security features of grsecurity 2, |
| 10 |
> including pax, but am not glued to the idea of using grsecurity. |
| 11 |
|
| 12 |
Probably not an expert's advice, but I highly suggest grsecurity in this case. |
| 13 |
From my opinion, it is easier to setup than SELinux (which seems to be |
| 14 |
offering the most flexible ACLs on everything) and has all necessaries for |
| 15 |
production server. |
| 16 |
GRSecurity has basic demo ACLs in standard setup, based on those you can |
| 17 |
"lock" the server and allow only "trusted" processes/actions. |
| 18 |
|
| 19 |
regards, |
| 20 |
M. |
| 21 |
|
| 22 |
|
| 23 |
-- |
| 24 |
gentoo-hardened@g.o mailing list |
Archives