There has been a lot of activity on this list since I last checked in.

Which set of packages would you recommend to secure a new production server running MySQL (threaded), Apache 2 (threaded) using the Apache suexec cgi, and FastCGI PHP (standalone non-threaded), and Postfix MTA? Untrusted users will have sftp access to the server. I've seen one web hosting company have good results for a similar configuration using Slackware + grsecurity.

I really need your expert advice on which path is more likely to lead to success (e.g. grsecurity vs. selinux). I can invest about a week of my time into the setup process, but no more. Thus I dare not try 3 or 4 of the various secure kernel packages before selecting a final one. If things don't work after a week, everything is a bust for me. I can find and fix bugs in Apache 2 and PHP source code, but I'm not yet familiar with the inner workings of grsecurity, pax, propolice, selinux .. there's only 24 hours in each day ;) I would like the security features of grsecurity 2, including pax, but am not glued to the idea of using grsecurity.

In order to achieve a stable production system supporting the services above, which set of *currently* available packages should I emerge in which sequence, and when to enable/disable ~x86? I'm willing to take a little risk in terms of stability in order to achieve my security goals.

Perhaps it's not possible? http://info.ccone.at/INFO/Mail-Archives/OpenNA/Jul-2003/msg00027.html

Thanks for any and all tips!

Cheers,
Gavin

--
gentoo-hardened@g.o mailing list