1 |
Rumen Yotov wrote: |
2 |
|
3 |
>Hi, |
4 |
>Wanna install a hardened-system using RSBAC-sources and 2005.0 universal_CD. |
5 |
>Could i install with hstage3 from the beginning or have to use a stage3? |
6 |
>Later plan to use a normal 2005.0-profile with +hardened, +pic, +pie USE-flags |
7 |
>(is this possible with rsbac+PaX kernel) or it's better to use a |
8 |
>hardened-profile? |
9 |
>Opinions about using RSBAC+PaX+hardened-toolchain+PIC/PIE+Xorg? |
10 |
>TIA |
11 |
>Rumen |
12 |
> |
13 |
> |
14 |
|
15 |
You can use a hardened stage 3 instead of a normal stage 3, without |
16 |
having to install a normal stage 3 first. |
17 |
|
18 |
For the profile, see: |
19 |
|
20 |
/usr/portage/profiles/hardened/x86 |
21 |
|
22 |
there are all settings which are used by this profile. Basically, default flags, some virtuals, etc. |
23 |
|
24 |
|
25 |
basically you get "berkdb crypt dlloader hardened nls pam pic pie |
26 |
readline ssl tcpd zlib userlocales" flags, a few hardened-masked |
27 |
packages maybe, and other things aren't really related to RSBAC. Beware, |
28 |
hardened default profile is 2.4 and so you will have a RSBAC 2.4 kernel |
29 |
You must link to |
30 |
|
31 |
/usr/portage/profiles/hardened/x86/2.6 to use a 2.6 kernel |
32 |
|
33 |
. If you use 2005.0 default profile, RSBAC will be a 2.6 kernel. |
34 |
|
35 |
You can use either the hardened profile (see hardened Faq for help |
36 |
switching to this profile), either the use keywords you mentionned with |
37 |
RSBAC. |
38 |
|
39 |
Good luck! |
40 |
-- |
41 |
gentoo-hardened@g.o mailing list |