Grsecurity/The Administration Utility. Gradm, the administration utility for the role-based access control system, is a powerful tool that parses your ACLs (Access Control Lists), enforces a secure base policy, optimizes the ACLs, and also parses the learning logs, merges them with your ACL set and outputs the final ACLs.
Before you install gradm, boot into your patched grsecurity kernel. You can compile gradm under any kernel you wish, but the installation will fail if the kernel does not support grsecurity. Installation: If your Linux distribution provides ready-made grsecurity kernel packages, they will very likely provide a package for gradm too. If that is the case you should consider using it before compiling gradm yourself.
Before compiling and installing gradm, make sure you have the following applications installed in your system: lex or flex and byacc or bison. Change to the directory you downloaded gradm and grsecurity to earlier. $ make NOTE: Look at the output from make. Hardened Gentoo Adventures by radegand. UPDATED 23/10 - Added info about repos.conf which I've missed previously! Recently I had to set up a new box with the specs above so I decided to share my installation notes in an attempt to spread the Gentoo virus ;] Apologies if they're not always as detailed as they could be but nevertheless should be helpful for anyone setting up a new Gentoo box.
Ok, off we go! I've mostly used as a reference the following links: The Hardened GCC4 Toolchain Overlay Guide. My weekly Gentoo update process. How often should we update our Gentoo?
There is no absolute correct answer for that. Gentoo is just like other distributions (distro), s**t does happen when you do update. No matter what species of penguins you pet, they all might get sick and updating interval is not really relevant. However, you should never wait for a year, even just a few months, though your version might still be supported. Believe me, that’s not wise. Since I started to use eix, eix-diff told me the changes on Portage tree. Here are the steps I do: Running sudo eix-sync to update Portage tree, read the diff. See what packages get removed, you might have few removed, see if there are replacements. See what packages get added, play with them. Running emerge -pvuDt world to see what can be upgraded.
Playing With grsecurity. This howto is intended for those looking for better means to secure the Linux kernel and the userland by means of a powerful and simple role-based access control policy.
What is grsecurity? Grsecurity is an innovative approach to security utilizing a multi-layered detection, prevention, and containment model. It is a set of patches for the Linux kernel with an emphasis on enhancing security. Its typical application is in web servers and systems that accept remote connections from untrusted locations, such as systems offering shell access to their users. Extensive information about grsecurity can be found from the following links: Introduction to Hardened Gentoo. 1.
Introduction This guide is meant for anyone unsure about the offerings of the Hardened Gentoo project, how to use them together, and what their respective roles in the project are. The basic security principle that we emphasize is layers of security. Layers are fundamental in ensuring a user's machine is not compromised, and if it is, minimizing the damage done. By combining a series of dissimilar, though security-related technologies, we make an attacker jump through additional hoops before a compromise may occur.
Gentoo Linux News. S Weblog : The PIE is not exactly a lie… One very interesting misconception related to Gentoo, and especially the hardened sub-profile, is related to the PIE (Position-Independent Executable) support.
This is probably due to the fact that up to now the hardened profile always contained PIE support, and since it relates directly to PIC (Position-Independent Code) and PIC as well is tied back to hardened support, people tend to confuse what technique is used for what scope. Let’s start with remembering that PIC is a compilation option that produces the so-called relocatable code; that is, code that is valid no matter what base address it is loaded at. This is a particularly important feature for shared objects: to be able to be loaded by any executable and still share the code pages in memory, the code needs to be relocatable; if it’s not, a text relocation has to happen. Index:Tutorials. From Gentoo Linux Wiki.
Gentoo maintenance. From Gentoo Linux Wiki. The focus of this tutorial is installing new software and updating existing software, in the most common and basic style.
A rough understanding of portage is expected. For complicated tinkering, see other pages in this wiki. Installing new software: eix. To search packages, the utility "eix" in app-portage/eix is recommended. After you have emerged eix, build the eix cache by running eix-update. "eix" replaces emerge --search functionality (which is slow) and also emerge --sync. Howto: Table of Contents. Apache2 - Configure SSL. This document covers generating an SSL certificate key using OpenSSL and setting up apache2.
This document follows docs from GoDaddy. USE Flags. From Gentoo Linux Wiki. What is a USE flag?
In Gentoo, USE flags are a mechanism for fine-tuning the options and capabilities with which portage installs software. By enabling or disabling these options, users can cut down on dependencies, compile time, and package size to make for a leaner, faster system while retaining important functionality. Flags can be defined on a global or a per-package basis. For example, mail-client/mutt has twenty USE flags. Some flags enable features which require certain commands or libraries; gdbm, berkdb, ssl and sasl all enable features that require additional userspace libraries such as Sleepycat DBM or OpenSSL. Some flags exist just to fix bugs. Choosing global USE flags for your system: Choosing the right USE flags is crucial, but it's also pretty simple. Then consult the list of USE flags available locally at /usr/portage/profiles/use.desc or online at the Gentoo-Portage USE Flag Listing.
Pure-ftpd - Gentoo Linux Wiki. From Gentoo Linux Wiki.
Introduction. Gentoo Linux x86 Handbook.