10.x OpenSuse-distro working with grsecurity ?

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.

10.x OpenSuse-distro working with grsecurity ?

Postby Specter » Fri Aug 31, 2007 4:50 am

I am using OpenSuse v10.1 and I want to harden my OS, a least for the servers.
I do not want to use AppArmor, missing important features (protection for /dev/[k]mem, proc-FS, ASLR,...).

SELinux is too complex for my requirements, recompilation is required for all apps/libs, problem if closed-source.
It further mandates filesystem, bec. of required capabilities and labelling of each file.
Once up and running Grsecurity should be relatively trouble-free.

In this forum I found some postings referring to the SuSE-Linux pre-9.1-versions.

With 9.0 the 'Suse-Distro' could be run with Vanilla-Kernel patched with grsecurity.
In the threads found, there was no clear solution and no indication whether somebody succeeded meanwhile.

I believe many OpenSuse-users were 'auto-migrated' when AppArmor was enabled by default and sticked with it.

Is there some experience available about current versions of OpenSuse, whether there are conflicting portions
of Kernel-code-changes, not possible to merge with e.g. the current Suse-Patches?

I do not want to dig into Kernel-Hacking, besides manually resolving some trivial patch-conflicts.
Or can I run a recent 10.x version of OpenSuse with Vanilla-Kernel patched with grsecurity?

Do you know of / can you recommend other Linux-distributions supporting grsecurity?
Specter
 
Posts: 2
Joined: Fri Aug 31, 2007 2:49 am

Postby ralphy » Fri Aug 31, 2007 4:54 pm

Gentoo's hardened project offers grsecurity. Works quite well.
ralphy
 
Posts: 52
Joined: Wed Jan 11, 2006 12:51 pm

Postby Specter » Sat Sep 01, 2007 7:14 am

Hello ralphy,

thank you for this direction! :)

I am currently reading some of 'http://www.gentoo.org/proj/en/hardened/' and other sources.

It sounds/looks very promising ...
When I have a clearer picture of Hardened Gentoo, I will write more.
Specter
 
Posts: 2
Joined: Fri Aug 31, 2007 2:49 am

Postby ralphy » Sat Sep 01, 2007 5:28 pm

Have fun and goodluck! :)
ralphy
 
Posts: 52
Joined: Wed Jan 11, 2006 12:51 pm


Return to grsecurity support

cron