Grsecurity/The Administration Utility. Gradm, the administration utility for the role-based access control system, is a powerful tool that parses your ACLs (Access Control Lists), enforces a secure base policy, optimizes the ACLs, parses the learning logs, merges them with your ACL set, and outputs the final ACLs.
Before you install gradm, boot into your patched grsecurity kernel. You can compile gradm under any kernel you wish, but the installation will fail if the running kernel does not support grsecurity. Installation: If your Linux distribution provides ready-made grsecurity kernel packages, it will very likely provide a package for gradm too. If that is the case, you should consider using it before compiling gradm yourself.
Hardened Gentoo Adventures by radegand. UPDATED 23/10 - Added info about repos.conf which I've missed previously!
Recently I had to set up a new box with the specs above so I decided to share my installation notes in an attempt to spread the Gentoo virus ;] Apologies if they're not always as detailed as they could be but nevertheless should be helpful for anyone setting up a new Gentoo box. Ok, off we go! I've mostly used as a reference the following links: My weekly Gentoo update process. How often should we update our Gentoo?
There is no absolute correct answer for that. Gentoo is just like other distributions (distro), s**t does happen when you do update. Playing With grsecurity. This howto is intended for those looking for better means to secure the Linux kernel, and the userland by the means of a powerful and simple role based access control policy.
What is grsecurity? Grsecurity is an innovative approach to security utilizing a multi-layered detection, prevention, and containment model. It is a set of patches for the Linux kernel with an emphasis on enhancing security. Its typical application is in web servers and systems that accept remote connections from untrusted locations, such as systems offering shell access to their users. Introduction to Hardened Gentoo. 1. Introduction.
This guide is meant for anyone unsure about the offerings of the Hardened Gentoo project, how to use them together, and what their respective roles in the project are. Gentoo Linux News. S Weblog : The PIE is not exactly a lie… One very interesting misconception related to Gentoo, and especially the hardened sub-profile, is related to the PIE (Position-Independent Executable) support.
This is probably due to the fact that up to now the hardened profile always contained PIE support, and since it relates directly to PIC (Position-Independent Code) and PIC as well is tied back to hardened support, people tend to confuse what technique is used for what scope. Let’s start with remembering that PIC is a compilation option that produces the so-called relocatable code; that is, code that is valid no matter what base address it is loaded at. This is a particularly important feature for shared objects: to be able to be loaded by any executable and still share the code pages in memory, the code needs to be relocatable; if it’s not, a text relocation has to happen.
Index:Tutorials. From Gentoo Linux Wiki. Tutorials Index.
Gentoo maintenance. From Gentoo Linux Wiki. The focus of this tutorial is installing new software and updating existing software, in the most common and basic style.
A rough understanding of Portage is expected. For complicated tinkering, see other pages in this wiki. Installing new software. Howto: Table of Contents. Apache2 - Configure SSL. This document covers generating an SSL certificate key using OpenSSL and setting up apache2.
This document follows docs from GoDaddy. Bash/shell - cheat sheet. USE Flags. From Gentoo Linux Wiki. What is a USE flag?
In Gentoo, USE flags are a mechanism for fine-tuning the options and capabilities with which portage installs software. By enabling or disabling these options, users can cut down on dependencies, compile time, and package size to make for a leaner, faster system while retaining important functionality. Flags can be defined on a global or a per-package basis. For example, mail-client/mutt has twenty USE flags. Pure-ftpd - Gentoo Linux Wiki. Gentoo Linux x86 Handbook.