Grsec distro, RPM's with default ACL's
Posted: Thu Apr 22, 2004 9:34 am
As a user of grsec for I think long time I have some questions or even ideas.
1st. Is there a chance to include grsec in main linux kernel tree? (probably not because of selinux )
2nd. Is there any distribution with native support for grsecurity? (I saw once grsecurity in mandrake kernel I think, but there was no gradm or other tool, don't saying anything about documentation)
3rd. A little idea. A grsecurity enabled rpm.
Grsecurity acl configuration file allows includes, so can it be that by installing rpm we run a simple script that allows us to add a configuration file to in example /etc/grsec/packages, and if suplied with a password restarts grsec system with new acls.
For example when installing squid cache, squid binary, etc, is rw protected, and only squid binary have acces to cache directory. But that all is supplied by rpm developers or even by source code developers.
So grsec have good use not for only high security servers, but even for not experienced users on desktops.
1st. Is there a chance to include grsec in main linux kernel tree? (probably not because of selinux )
2nd. Is there any distribution with native support for grsecurity? (I saw once grsecurity in mandrake kernel I think, but there was no gradm or other tool, don't saying anything about documentation)
3rd. A little idea. A grsecurity enabled rpm.
Grsecurity acl configuration file allows includes, so can it be that by installing rpm we run a simple script that allows us to add a configuration file to in example /etc/grsec/packages, and if suplied with a password restarts grsec system with new acls.
For example when installing squid cache, squid binary, etc, is rw protected, and only squid binary have acces to cache directory. But that all is supplied by rpm developers or even by source code developers.
So grsec have good use not for only high security servers, but even for not experienced users on desktops.