grsecurity forums

Hey guys!

To be honest I'm pretty novice with all things *nix but I just had a mate come over and migrate my old xp box to a slackware 12 ssh/apache/ftp/samba server upstairs.

He recommended your suite but we had to roll back the kernel one or two notches so it would actually compile, we did so on (High) security setting and on boot it wouldn't go past a certain stage, something about excess commands and wait 5 minutes (to which there was no recover).

We we had to recompile and it worked on medium setting, my question is, what features have I lost for dropping to medium?

Is medium setting still secure? (or moreso )?

The reason security matters so much to me is I have a static IP which is bound to my dns for gaming purposes, so even on something like logging in to irc, everyone see's it and has a shot at shh and sometimes soon someone is going to get lucky.

Not only that, I also run a ventrilo server.

I noticed running a forkbomb using ){ :|:& };: did not work at first, so I made the following typical scenario in C :

#include <unistd.h>

int main()
{
while(1)
fork();
}

and saved it/ran it and it worked,
however, it would not consume more then around %20 of my cpu, was that your doing?
Or is something in slackware 12 that I'm unaware off auto-limiting the cpu/memory usage?

omegabeta wrote:He recommended your suite but we had to roll back the kernel one or two notches so it would actually compile, we did so on (High) security setting and on boot it wouldn't go past a certain stage, something about excess commands and wait 5 minutes (to which there was no recover).

can you post the compile and boot failure messages along with the .config used for each (also which grsec was it exactly)?

We we had to recompile and it worked on medium setting, my question is, what features have I lost for dropping to medium?

Is medium setting still secure? (or moreso )?

just compare the options enabled by GRKERNSEC_HIGH to the others and you'll see. in particular, only HIGH enables the memory protection part of PaX, and you most likely want that on internet facing services.

PaX Team wrote:

omegabeta wrote:He recommended your suite but we had to roll back the kernel one or two notches so it would actually compile, we did so on (High) security setting and on boot it wouldn't go past a certain stage, something about excess commands and wait 5 minutes (to which there was no recover).

can you post the compile and boot failure messages along with the .config used for each (also which grsec was it exactly)?

We we had to recompile and it worked on medium setting, my question is, what features have I lost for dropping to medium?

Is medium setting still secure? (or moreso )?

just compare the options enabled by GRKERNSEC_HIGH to the others and you'll see. in particular, only HIGH enables the memory protection part of PaX, and you most likely want that on internet facing services.

It was the latest suite, I know because we had to roll back the kernel to a slightly older version so it would compile, the new kernel wont do it.

As for the boot log, That installation was removed, if I can still access that log up on my Slackware server I'd have done it by know and posted it, if it is a possibility, I'm unaware of how to do it.

As it stands the server is hosting ventrilo/ftp/apache (http://blindraven.servegame.org) samba and now Openarena and Cube 2.