| 1 |
On Sat, Dec 10, 2011 at 12:45 PM, Tanstaafl <tanstaafl@×××××××××××.org>wrote: |
| 2 |
|
| 3 |
> Hello all, |
| 4 |
> |
| 5 |
> I'm considering rolling out a new server with gentoo, but wanted to base |
| 6 |
> it on the hardened profile, but the docs I've read so far all seem to be a |
| 7 |
> bit vague about all the details. |
| 8 |
> |
| 9 |
> I've been using gentoo for a while on my hobby server, but I installed it |
| 10 |
> about 8 years ago, and chose the 'server' profile, and I must say it has |
| 11 |
> been a real pleasure to maintain, and the only real hiccup I ever |
| 12 |
> experienced was the mailman update that moved the directories for the lists |
| 13 |
> without telling me what to do about it (the fix was simple, and the devs |
| 14 |
> swiftly fixed the lack of post-install docs). |
| 15 |
> |
| 16 |
> Does anyone know of a good How-To that covers *all* of the bases? Ie, |
| 17 |
> which model is best - grsecurity, PAX, SeLinux - and how best to implement |
| 18 |
> it? |
| 19 |
> |
| 20 |
> Thanks... |
| 21 |
> |
| 22 |
> |
| 23 |
You may be able to get a better response from the -hardened list, but I |
| 24 |
built a hardened server a few months ago without much difficulty. As far as |
| 25 |
I know, the correct model to use depends on what you want to do with the |
| 26 |
server/what security you are looking to implement. When I went hardened, I |
| 27 |
used PaX and grsec [1] because it offered the security I was looking for |
| 28 |
but didn't restrict userland usability on a server on which I was the only |
| 29 |
user. My understanding is that this restriction would be a consequence of |
| 30 |
using SeLinux. |
| 31 |
|
| 32 |
[1] http://www.gentoo.org/proj/en/hardened/grsecurity.xml |
| 33 |
|
| 34 |
As for a solid comparison of the different models and tutorials for them, I |
| 35 |
don't know of any. I just used [1] as well as the PaX page to install and |
| 36 |
configure them and I didn't run into any problems. |
| 37 |
|
| 38 |
hope that helps a bit (and I hopefully didn't describe anything |
| 39 |
incorrectly). |
| 40 |
|
| 41 |
- Matt |
Archives