1 |
I requested a quote from GRsecurity and they told me that although they |
2 |
are looking at providing a package for personal customers they don't |
3 |
have one at the moment. They recommended minipli as the next best thing... |
4 |
|
5 |
What about the grsecurity-source overlay? |
6 |
|
7 |
On 29/03/18 11:47, Guillaume Ceccarelli wrote: |
8 |
> Hi all, |
9 |
> |
10 |
> I’ve been a grsecurity customer for a little over two years now, and |
11 |
> my use of it is as a small business, on Gentoo server installations. |
12 |
> While I can’t disclose the amount of money I’m paying publicly because |
13 |
> every deal is customized, I would encourage you to get in touch using |
14 |
> the contact form on grsecurity.net <http://grsecurity.net/> and ask |
15 |
> for a quote if you haven’t already. |
16 |
> |
17 |
> You might just end up with an arrangement you can afford, and grsec is |
18 |
> still certainly worth having today. Not only for the feature set, but |
19 |
> also for the constant looking over the mainline Linux kernel code, |
20 |
> including fixing and backporting more fixes than the regular kernel |
21 |
> stable releases, and for knowledge / emails giving context to |
22 |
> important kernel vulnerabilities when they occur. |
23 |
> |
24 |
> |
25 |
> Best, |
26 |
> |
27 |
> – Guillaume Ceccarelli |
28 |
> |
29 |
> On 28 Mar 2018, at 20:22, R0b0t1 <r030t1@×××××.com |
30 |
> <mailto:r030t1@×××××.com>> wrote: |
31 |
> |
32 |
>> On Wed, Mar 28, 2018 at 12:40 PM, Alex Efros <powerman@××××××××.name |
33 |
>> <mailto:powerman@××××××××.name>> wrote: |
34 |
>>> Hi! |
35 |
>>> |
36 |
>>> On Wed, Mar 28, 2018 at 06:06:00PM +0100, Robert Sharp wrote: |
37 |
>>>> Does anyone know of a good, post GRSecurity guide to reasonable |
38 |
>>>> security |
39 |
>>>> for the kernel? In the absence of anything else I will have to go back |
40 |
>>>> to the KSPP list and start removing stuff until I can get a stable |
41 |
>>>> kernel. |
42 |
>>> |
43 |
>>> I'm using https://github.com/minipli/linux-unofficial_grsec, but it |
44 |
>>> lacks |
45 |
>>> Spectre and Meltdown mitigation at the moment (see issues). Still, I |
46 |
>>> believe it's the best we can have now (better is probably paid |
47 |
>>> GrSec, but |
48 |
>>> AFAIK it's impossible or too costly to buy it for home or small |
49 |
>>> business). |
50 |
>>> |
51 |
>> |
52 |
>> Previous contributors have access to the code, but it doesn't seem |
53 |
>> like there is any way to go that route anymore. |
54 |
>> |