10.x OpenSuse-distro working with grsecurity ?
Posted: Fri Aug 31, 2007 4:50 amI am using OpenSuse v10.1 and I want to harden my OS, a least for the servers.
I do not want to use AppArmor, missing important features (protection for /dev/[k]mem, proc-FS, ASLR,...).
SELinux is too complex for my requirements, recompilation is required for all apps/libs, problem if closed-source.
It further mandates filesystem, bec. of required capabilities and labelling of each file.
Once up and running Grsecurity should be relatively trouble-free.
In this forum I found some postings referring to the SuSE-Linux pre-9.1-versions.
With 9.0 the 'Suse-Distro' could be run with Vanilla-Kernel patched with grsecurity.
In the threads found, there was no clear solution and no indication whether somebody succeeded meanwhile.
I believe many OpenSuse-users were 'auto-migrated' when AppArmor was enabled by default and sticked with it.
Is there some experience available about current versions of OpenSuse, whether there are conflicting portions
of Kernel-code-changes, not possible to merge with e.g. the current Suse-Patches?
I do not want to dig into Kernel-Hacking, besides manually resolving some trivial patch-conflicts.
Or can I run a recent 10.x version of OpenSuse with Vanilla-Kernel patched with grsecurity?
Do you know of / can you recommend other Linux-distributions supporting grsecurity?
I do not want to use AppArmor, missing important features (protection for /dev/[k]mem, proc-FS, ASLR,...).
SELinux is too complex for my requirements, recompilation is required for all apps/libs, problem if closed-source.
It further mandates filesystem, bec. of required capabilities and labelling of each file.
Once up and running Grsecurity should be relatively trouble-free.
In this forum I found some postings referring to the SuSE-Linux pre-9.1-versions.
With 9.0 the 'Suse-Distro' could be run with Vanilla-Kernel patched with grsecurity.
In the threads found, there was no clear solution and no indication whether somebody succeeded meanwhile.
I believe many OpenSuse-users were 'auto-migrated' when AppArmor was enabled by default and sticked with it.
Is there some experience available about current versions of OpenSuse, whether there are conflicting portions
of Kernel-code-changes, not possible to merge with e.g. the current Suse-Patches?
I do not want to dig into Kernel-Hacking, besides manually resolving some trivial patch-conflicts.
Or can I run a recent 10.x version of OpenSuse with Vanilla-Kernel patched with grsecurity?
Do you know of / can you recommend other Linux-distributions supporting grsecurity?
