Page 1 of 1

Grsec distro, RPM's with default ACL's

PostPosted: Thu Apr 22, 2004 9:34 am
by szpak
As a user of grsec for I think long time I have some questions or even ideas.

1st. Is there a chance to include grsec in main linux kernel tree? (probably not because of selinux :( )
2nd. Is there any distribution with native support for grsecurity? (I saw once grsecurity in mandrake kernel I think, but there was no gradm or other tool, don't saying anything about documentation)
3rd. A little idea. A grsecurity enabled rpm.
Grsecurity acl configuration file allows includes, so can it be that by installing rpm we run a simple script that allows us to add a configuration file to in example /etc/grsec/packages, and if suplied with a password restarts grsec system with new acls.
For example when installing squid cache, squid binary, etc, is rw protected, and only squid binary have acces to cache directory. But that all is supplied by rpm developers or even by source code developers.
So grsec have good use not for only high security servers, but even for not experienced users on desktops.

PostPosted: Thu Apr 22, 2004 11:16 am
by torne
Hardened Gentoo can be installed with grsecurity.

PostPosted: Thu Apr 22, 2004 12:30 pm
by Sleight of Mind
there's also Adamantix
A debian based distro using PaX and RSBAC (but not grsec itself)

PostPosted: Wed Jun 16, 2004 10:52 pm
by To
The gentoo default installtion with kernel gentoo sources brings a set a ACL examples too. In terms of security torne's advice it's the best.
Anyway it's the gentoo way :wink:
( I don't want to start a flame war here )

Tó

PostPosted: Thu Jun 17, 2004 10:07 am
by torne
If you use Gentoo and grsecurity you should compile your system from a hardened stage1/2/3 tarball as this will automatically build every package as a position-independant executable, allowing PaX to relocate binaries to random addresses. The hardened stages/profile automatically set up everything needed to have this work.

Re: Grsec distro, RPM's with default ACL's

PostPosted: Sun Mar 30, 2008 2:42 pm
by cormander
I hate to bump up an old thread, but this is relevant to the topic.

I've started to maintain grsecurity kernel RPMs. Right now they're for CentOS / Fedora, but will shortly have them for SuSE and Mandrivia as well.

http://www.ravencore.com/grsec/

As of this writing I don't have a gradm RPM, but will be releasing one shortly.

As far as other distributions that use grsecurity in rpm format, there are http://www.pld-linux.org/ and http://www.caoslinux.org/

Re: Grsec distro, RPM's with default ACL's

PostPosted: Fri Apr 18, 2008 6:17 am
by To
thanx;)