| 1 |
On Saturday, 23 December 2017 17:46:20 GMT Michael Orlitzky wrote: |
| 2 |
> On 12/23/2017 09:09 AM, Peter Humphrey wrote: |
| 3 |
> > Hello list, |
| 4 |
> > |
| 5 |
> > Now that grsecurity is off-limits, I'm left wondering how to go about |
| 6 |
> > hardening a no-multilib box that will be exposed to the Big Bad World. |
| 7 |
> |
| 8 |
> You can still use grsec/pax if you're willing to stick with an older |
| 9 |
> (LTS) kernel: |
| 10 |
> |
| 11 |
> https://github.com/minipli/linux-unofficial_grsec/tree/linux-4.9.x-unoffic |
| 12 |
> ial_grsec |
| 13 |
|
| 14 |
Oh, that's good - thanks Michael. |
| 15 |
|
| 16 |
> > To start with, it's not obvious which profile to use: |
| 17 |
> > |
| 18 |
> > $ eselect profile list | grep no-multi | grep hardened |
| 19 |
> > |
| 20 |
> > [23] default/linux/amd64/17.0/no-multilib/hardened |
| 21 |
> > [24] default/linux/amd64/17.0/no-multilib/hardened/selinux |
| 22 |
> |
| 23 |
> One of those two, depending on whether or not you use SELinux. |
| 24 |
|
| 25 |
Thanks again for the advice. |
| 26 |
|
| 27 |
-- |
| 28 |
Regards, |
| 29 |
Peter. |
Archives