Gentoo Archives: gentoo-hardened

From: Alex Efros <powerman@××××××××××××××××××.com>
To: gentoo-hardened@l.g.o
Subject: Re: [gentoo-hardened] Switching to hardened
Date: Thu, 05 Oct 2006 16:16:39
Message-Id: 20061005161449.GA17914@home.power
In Reply to: Re: [gentoo-hardened] Switching to hardened by Darknight
Hi!

On Thu, Oct 05, 2006 at 05:49:40PM +0200, Darknight wrote:
> I should have mentioned this important bit: I'm still with old glibc and gcc
> so I can switch, I need to understand if it's a bad gamble or completely
> safe.

I think it's safe. I've converted all my servers to hardened some time ago
without any problems. Here are the versions I have now:
sys-devel/binutils-2.16.1-r3
sys-devel/gcc-3.4.6-r1
sys-kernel/hardened-sources-2.6.16-r11
sys-kernel/linux-headers-2.6.11-r5
sys-libs/glibc-2.3.6-r4
If you have newer versions, this may be a problem.
If you have older versions, it may be a good idea to upgrade to these
versions first (with upgrading/recompiling all other packages), and once
you're sure everything is working you can convert to hardened
(i.e. recompiling everything once again to get the SAME versions of all packages
but with hardened now).

Here is the list of commands I've used to convert my servers to hardened:

emerge hardened-sources

# Now configure this kernel (without hardened features yet),
# then compile/boot this kernel.

ln -snf ../usr/portage/profiles/hardened/x86/2.6/ /etc/make.profile

# Remove all extra optimization from CFLAGS in /etc/make.conf and
# set -O2.

# Clean up your $PKGDIR (usually /usr/portage/packages/) to optimize
# compile time using emerge -b and emerge -k later.

emerge -C linux-headers
emerge linux-headers glibc binutils gcc-config gcc

# Here do all operations needed for upgrading gcc, if needed.

emerge -b glibc binutils gcc portage
emerge -bke system
emerge -ke world

glsa-check -l | grep '\[N\]'

# Manually upgrade packages shown by glsa-check, if needed.

emerge -a --depclean
emerge -uDNa world

emerge paxtest paxctl gradm

revdep-rebuild

dispatch-conf

# Now reconfigure the kernel with hardened features switched on,
# then compile/boot this kernel.

--
WBR, Alex.
--
gentoo-hardened@g.o mailing list
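
A pre-flight check for two steps of the message above (the make.profile symlink and the CFLAGS cleanup), added here as an example; it is not part of Alex's message or of any Gentoo tool. The function names, the single-line CFLAGS assumption, the rule that any -O level other than -O2 and any -f flag is reported, and the sample tree are all assumptions of this example.

```shell
#!/bin/sh
# Added example: checks to run before the long rebuild starts.
# ROOT is a filesystem root ("/" on a real system).

# Profile step: ROOT/etc/make.profile must be a symlink into profiles/hardened/.
check_profile() {
    link="$1/etc/make.profile"
    [ -L "$link" ] || { echo "FAIL: $link is not a symlink"; return 1; }
    target=$(readlink "$link")
    case $target in
        */profiles/hardened/*) echo "ok: profile -> $target" ;;
        *) echo "FAIL: profile is not hardened: $target"; return 1 ;;
    esac
}

# CFLAGS step: -O2 must be set and nothing else may tune optimization.
# Assumption: CFLAGS is a single-line assignment in make.conf; any other
# -O level and any -f flag is reported for review.
check_cflags() {
    flags=$(sed -n 's/^[[:space:]]*CFLAGS=//p' "$1/etc/make.conf" | tail -n 1 | tr -d "\"'")
    have_o2=0 bad=0
    for f in $flags; do
        case $f in
            -O2) have_o2=1 ;;
            -O*|-f*) echo "FAIL: extra optimization flag: $f"; bad=1 ;;
        esac
    done
    [ "$have_o2" -eq 1 ] || { echo "FAIL: -O2 not set in CFLAGS"; bad=1; }
    if [ "$bad" -eq 0 ]; then echo "ok: CFLAGS=$flags"; fi
    return "$bad"
}

# Constructed sample tree (not a real system) so the script runs offline.
demo() {
    root=$(mktemp -d)
    mkdir -p "$root/etc"
    ln -snf ../usr/portage/profiles/hardened/x86/2.6/ "$root/etc/make.profile"
    printf 'CFLAGS="-O3 -march=i686 -funroll-loops -pipe"\n' > "$root/etc/make.conf"
    check_profile "$root"
    check_cflags "$root"
    rc=$?
    rm -rf "$root"
    return "$rc"
}
demo || echo "fix the items above before running emerge -bke system"
```

On a real system, call `check_profile /` and `check_cflags /` in place of `demo`.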
