1 |
On 2011-12-10 3:07 PM, Matthew Finkel <matthew.finkel@×××××.com> wrote: |
2 |
> |
3 |
> You may be able to get a better response from the -hardened list, |
4 |
|
5 |
Dang, I had forgotten gentoo has a bunch of other lists... thanks, just |
6 |
subscribed... |
7 |
|
8 |
> but I built a hardened server a few months ago without much |
9 |
> difficulty. As far as I know, the correct model to use depends on |
10 |
> what you want to do with the server/what security you are looking to |
11 |
> implement. When I went hardened, I used PaX and grsec [1] because it |
12 |
> offered the security I was looking for but didn't restrict userland |
13 |
> usability on a server on which I was the only user. My understanding |
14 |
> is that this restriction would be a consequence of using SeLinux. |
15 |
|
16 |
Yeah, I was leaning toward avoiding SeLinux already from what I've been |
17 |
reading, thanks... |
18 |
|
19 |
> [1] http://www.gentoo.org/proj/en/hardened/grsecurity.xml |
20 |
> |
21 |
> As for a solid comparison of the different models and tutorials for |
22 |
> them, I don't know of any. I just used [1] as well as the PaX page to |
23 |
> install and configure them and I didn't run into any problems. |
24 |
|
25 |
Good to know, and thanks again... |