1 |
On Mon, 2007-01-15 at 22:08 +0100, Michael wrote: |
2 |
> Hi Viktors, |
3 |
> |
4 |
> Thanks for all your answers. You mentioned some things I wasn't thinking |
5 |
> about at all. My solution would only work if I or the other admin (who |
6 |
> is the owner) would notice increased use in bandwith, and it would only |
7 |
> work to the point that they can't harm the installation on the server a |
8 |
> lot. |
9 |
> |
10 |
> You've quite convinced me of your solution, but should I expect a lot |
11 |
> more work to build and maintain gentoo installs with grsec and hardened? |
12 |
> |
13 |
> For me it won't be much of a problem, but the other admin is still |
14 |
> learning gentoo (he never used linux before) but he should be able to |
15 |
> maintain the server without me so it shouldn't be to hard for him |
16 |
> either... Security is more important of course, but the easier the |
17 |
> better (or the more automation the better). |
18 |
> |
19 |
> Should I expect to be able to install grsec and hardened and have it |
20 |
> work just like a normal gentoo install? |
21 |
|
22 |
Yes pretty much. grsec+pax+hardened-toolchain(even w/o RBAC/SE/RSBAC) |
23 |
offers admins a mostly transparent security system that vastly |
24 |
improves security on linux. RBAC/SE/RSBAC mostly are for containing |
25 |
an intrusion after it's already happened. With grsec+pax+toolchain the |
26 |
idea is to prevent the intrusion from happening in the first place. |
27 |
|
28 |
-- |
29 |
Ned Ludd <solar@g.o> |
30 |
Gentoo Linux |
31 |
|
32 |
-- |
33 |
gentoo-hardened@g.o mailing list |