On Saturday, 23 December 2017 17:46:20 GMT Michael Orlitzky wrote:
> On 12/23/2017 09:09 AM, Peter Humphrey wrote:
> > Hello list,
> >
> > Now that grsecurity is off-limits, I'm left wondering how to go about
> > hardening a no-multilib box that will be exposed to the Big Bad World.
>
> You can still use grsec/pax if you're willing to stick with an older
> (LTS) kernel:
>
> https://github.com/minipli/linux-unofficial_grsec/tree/linux-4.9.x-unofficial_grsec

Oh, that's good - thanks Michael.

> > To start with, it's not obvious which profile to use:
> >
> > $ eselect profile list | grep no-multi | grep hardened
> >
> > [23] default/linux/amd64/17.0/no-multilib/hardened
> > [24] default/linux/amd64/17.0/no-multilib/hardened/selinux
>
> One of those two, depending on whether or not you use SELinux.

Thanks again for the advice.

--
Regards,
Peter.