Newbie questions
Posted: Tue Dec 19, 2006 1:00 pm
I'm a complete fr00b when it comes to securing Linux and i have some questions about grsecurity since I think it offers what I want.
I've been repeatedly told that grsecurity and PaX in general is for servers rather than desktops. I'm inclined to believe that's true, but I feel desktops are no less deserving of security than servers are.
I patched the 2.6.18.2 kernel with grsecurity and set the security level to "high" since "high" obviously sounds more secure than "low". This left me unable to log in graphically because I was "out of disk space" (I wasn't). I set the level to "low" and recompiled and was then able to log in.
There's a hell of a lot of options there and I suppose any one of them could be to blame. Therefore, I've decided that I'd just like specific security features.
I'm sure you guys know MS Windows has Data Execution Prevention which uses the NX bit to prevent execution of code on the stack. Basically this is all the functionality I'd like to enable. I understand this could be provided with PaX.
How would I go about just enabling this feature (and any other little features as long as they're unlikely to cause trouble?)
Thanks.
I've been repeatedly told that grsecurity and PaX in general is for servers rather than desktops. I'm inclined to believe that's true, but I feel desktops are no less deserving of security than servers are.
I patched the 2.6.18.2 kernel with grsecurity and set the security level to "high" since "high" obviously sounds more secure than "low". This left me unable to log in graphically because I was "out of disk space" (I wasn't). I set the level to "low" and recompiled and was then able to log in.
There's a hell of a lot of options there and I suppose any one of them could be to blame. Therefore, I've decided that I'd just like specific security features.
I'm sure you guys know MS Windows has Data Execution Prevention which uses the NX bit to prevent execution of code on the stack. Basically this is all the functionality I'd like to enable. I understand this could be provided with PaX.
How would I go about just enabling this feature (and any other little features as long as they're unlikely to cause trouble?)
Thanks.