| 1 |
On Dec 11, 2011 3:17 AM, "Tanstaafl" <tanstaafl@×××××××××××.org> wrote: |
| 2 |
> |
| 3 |
> On 2011-12-10 3:07 PM, Matthew Finkel <matthew.finkel@×××××.com> wrote: |
| 4 |
>> |
| 5 |
>> |
| 6 |
>> You may be able to get a better response from the -hardened list, |
| 7 |
> |
| 8 |
> |
| 9 |
> Dang, I had forgotten gentoo has a bunch of other lists... thanks, just |
| 10 |
subscribed... |
| 11 |
> |
| 12 |
|
| 13 |
Don't forget gentoo-server! It's full of people who deploy and manage |
| 14 |
servers daily :-) |
| 15 |
|
| 16 |
>> but I built a hardened server a few months ago without much |
| 17 |
>> difficulty. As far as I know, the correct model to use depends on |
| 18 |
>> what you want to do with the server/what security you are looking to |
| 19 |
>> implement. When I went hardened, I used PaX and grsec [1] because it |
| 20 |
>> offered the security I was looking for but didn't restrict userland |
| 21 |
>> usability on a server on which I was the only user. My understanding |
| 22 |
>> is that this restriction would be a consequence of using SeLinux. |
| 23 |
> |
| 24 |
> |
| 25 |
> Yeah, I was leaning toward avoiding SeLinux already from what I've been |
| 26 |
reading, thanks... |
| 27 |
> |
| 28 |
|
| 29 |
Nothing beats the security of SELinux. But along with that, there will be a |
| 30 |
HUGE learning curve and management complexity. |
| 31 |
|
| 32 |
GrSec + PaX are enough for me. |
| 33 |
|
| 34 |
>> [1] http://www.gentoo.org/proj/en/hardened/grsecurity.xml |
| 35 |
>> |
| 36 |
>> As for a solid comparison of the different models and tutorials for |
| 37 |
>> them, I don't know of any. I just used [1] as well as the PaX page to |
| 38 |
>> install and configure them and I didn't run into any problems. |
| 39 |
> |
| 40 |
> |
| 41 |
> Good to know, and thanks again... |
| 42 |
> |
| 43 |
|
| 44 |
If you decide to deploy PaX, do read the help pages for PaX options; there |
| 45 |
are settings that might be severely detrimental for certain hardware |
| 46 |
combinations. |
| 47 |
|
| 48 |
Rgds, |
Archives