| 1 |
On Dec 11, 2011 12:48 AM, "Tanstaafl" <tanstaafl@×××××××××××.org> wrote: |
| 2 |
> |
| 3 |
> Hello all, |
| 4 |
> |
| 5 |
> I'm considering rolling out a new server with gentoo, but wanted to base |
| 6 |
it on the hardened profile, but the docs I've read so far all seem to be a |
| 7 |
bit vague about all the details. |
| 8 |
> |
| 9 |
> I've been using gentoo for a while on my hobby server, but I installed it |
| 10 |
about 8 years ago, and chose the 'server' profile, and I must say it has |
| 11 |
been a real pleasure to maintain, and the only real hiccup I ever |
| 12 |
experienced was the mailman update that moved the directories for the lists |
| 13 |
without telling me what to do about it (the fix was simple, and the devs |
| 14 |
swiftly fixed the lack of post-install docs). |
| 15 |
> |
| 16 |
> Does anyone know of a good How-To that covers *all* of the bases? Ie, |
| 17 |
which model is best - grsecurity, PAX, SeLinux - and how best to implement |
| 18 |
it? |
| 19 |
> |
| 20 |
> Thanks... |
| 21 |
> |
| 22 |
|
| 23 |
Oh, one more thing: |
| 24 |
|
| 25 |
If you don't need to milk your hardware for every last bit of performance, |
| 26 |
consider running the server inside a VM like XenServer. You gain the |
| 27 |
benefit of branchable snapshots, ease of migrating to a different physical |
| 28 |
box (as long as you don't use -march=native), and simpler menuconfig. Plus, |
| 29 |
if somehow your VM lost all connectivity, you don't need to visit the |
| 30 |
server; you can still manage it through XenServer's virtual console. |
| 31 |
|
| 32 |
I have been deploying my servers on top of XenServers, including one |
| 33 |
gateway/firewall that used to oversee 5 internet links + 1 LAN with an |
| 34 |
aggregate Internet bandwidth of 35 Mbps. Albeit running on an elderly |
| 35 |
Pentium 4 box, I have no performance problems at all, even when the |
| 36 |
gatewall does some very exotic iptables magic (my list of iptables rules is |
| 37 |
already longer than 100 lines). |
| 38 |
|
| 39 |
Rgds, |
Archives