On Tuesday 04 Jul 2017 05:20:41 Ian Bloss wrote:
> You should use the hardened profile with the hardened sources. On terms with
> security you could compile a hardened kernel but you sacrifice ease of
> use by having to manage PaX and if you choose an RBAC system like SELinux
> or grsecurity's adds more burden.
>
> Security isn't a product, so I would recommend sticking with regular
> profile with stable packages, and be mindful of what you have opened up to
> the internet. I would also recommend just reading up on Linux security in
> general to understand what you're trying to make yourself more secure to.

I second that last point. I looked into hardened Gentoo some years ago and
came to the conclusion that it wasn't worth all the extra trouble. My
impression (though I could easily be wrong) is that hardening is intended
more for protection against local threats, like someone else sitting in your
seat, than anything coming in over the wires.

In the end I just used the stable sources with a decent firewall: shorewall,
in fact. If your network setup isn't too unusual, you can use one of their
standard sets of configuration files.

That's my two-penn'orth, anyway.

--
Regards
Peter