| 1 |
On 12/23/2017 09:09 AM, Peter Humphrey wrote: |
| 2 |
> Hello list, |
| 3 |
> |
| 4 |
> Now that grsecurity is off-limits, I'm left wondering how to go about |
| 5 |
> hardening a no-multilib box that will be exposed to the Big Bad World. |
| 6 |
|
| 7 |
You can still use grsec/pax if you're willing to stick with an older |
| 8 |
(LTS) kernel: |
| 9 |
|
| 10 |
https://github.com/minipli/linux-unofficial_grsec/tree/linux-4.9.x-unofficial_grsec |
| 11 |
|
| 12 |
|
| 13 |
> To start with, it's not obvious which profile to use: |
| 14 |
> |
| 15 |
> $ eselect profile list | grep no-multi | grep hardened |
| 16 |
> [23] default/linux/amd64/17.0/no-multilib/hardened |
| 17 |
> [24] default/linux/amd64/17.0/no-multilib/hardened/selinux |
| 18 |
|
| 19 |
One of those two, depending on whether or not you use SELinux. |
Archives