On Dec 11, 2011 3:17 AM, "Tanstaafl" <tanstaafl@×××××××××××.org> wrote:
>
> On 2011-12-10 3:07 PM, Matthew Finkel <matthew.finkel@×××××.com> wrote:
>>
>> You may be able to get a better response from the -hardened list,
>
> Dang, I had forgotten gentoo has a bunch of other lists... thanks, just
> subscribed...
>

Don't forget gentoo-server! It's full of people who deploy and manage
servers daily :-)

>> but I built a hardened server a few months ago without much
>> difficulty. As far as I know, the correct model to use depends on
>> what you want to do with the server/what security you are looking to
>> implement. When I went hardened, I used PaX and grsec [1] because it
>> offered the security I was looking for but didn't restrict userland
>> usability on a server on which I was the only user. My understanding
>> is that this restriction would be a consequence of using SeLinux.
>
> Yeah, I was leaning toward avoiding SeLinux already from what I've been
> reading, thanks...
>

Nothing beats the security of SELinux. But along with that, there will be a
HUGE learning curve and management complexity.

GrSec + PaX are enough for me.

>> [1] http://www.gentoo.org/proj/en/hardened/grsecurity.xml
>>
>> As for a solid comparison of the different models and tutorials for
>> them, I don't know of any. I just used [1] as well as the PaX page to
>> install and configure them and I didn't run into any problems.
>
> Good to know, and thanks again...
>

If you decide to deploy PaX, do read the help pages for PaX options; there
are settings that might be severely detrimental for certain hardware
combinations.

Rgds,