1 |
On Sunday 14 December 2003 00:28, Gavin wrote: |
2 |
> I really need your expert advice on which path is more likely to lead to |
3 |
> success (e.g. grsecurity vs. selinux). I can invest about a week of my |
4 |
> time into the setup process, but no more. Thus I dare not try 3 or 4 of |
5 |
> the various secure kernal packages before selecting a final one. If things |
6 |
> don't work after a week, everything is a bust for me. I can find and fix |
7 |
> bugs in Apache 2 and PHP source code, but I'm not yet familiar with the |
8 |
> inner working of grsecurity, pax, propolice, selinux .. there's only 24 |
9 |
> hours in each day ;) I would like the security features of grsecurity 2, |
10 |
> including pax, but am not glued to the idea of using grsecurity. |
11 |
|
12 |
Probably not an expert's advice, but I highly suggest grsecurity in this case. |
13 |
From my opinion, it is easier to setup than SELinux (which seems to be |
14 |
offering the most flexible ACLs on everything) and has all necessaries for |
15 |
production server. |
16 |
GRSecurity has basic demo ACLs in standard setup, based on those you can |
17 |
"lock" the server and allow only "trusted" processes/actions. |
18 |
|
19 |
regards, |
20 |
M. |
21 |
|
22 |
|
23 |
-- |
24 |
gentoo-hardened@g.o mailing list |