For security reasons does it matter if a default non-hardened distro kernel is left installed on the system? Should it be removed?
Does using ccache interfere with RANDSTRUCT output for subsequent builds - causing it to be the same?
Grsecurity best practices
2 posts
• Page 1 of 1
Grsecurity best practices
by bancfc » Tue Apr 26, 2016 12:11 pm
- bancfc
- Posts: 9
- Joined: Fri Apr 15, 2016 3:55 pm
Re: Grsecurity best practices
by N8Fear » Wed Apr 27, 2016 1:22 am
You have to decide what you need for security. Personally I don't keep a non-grsec kernel around and even don't have an older kernel than one or two releases back (a "known good" one in case there is some kind of regression).
This is mainly done because otherwise an attacker with physical access could downgrade to a vulnerable (or a non-grsec) kernel.
Generally speaking you should ask yourself what kind of threats you want/need to defend against and create your own formal or informal security policy based on that information.
This is mainly done because otherwise an attacker with physical access could downgrade to a vulnerable (or a non-grsec) kernel.
Generally speaking you should ask yourself what kind of threats you want/need to defend against and create your own formal or informal security policy based on that information.
- N8Fear
- Posts: 37
- Joined: Thu Jan 17, 2013 5:01 am
2 posts
• Page 1 of 1