hardened gentoo links. WAS: Re: [grsec] PaX
dk
dk at pwarchitects.com
Mon May 9 20:22:27 EDT 2005
pageexec at freemail.hu wrote:
Sorry if I'm straying off topic a bit here.
Re: Hardened-Gentoo for grsec to the OP:
>>After the first trial can somebody help me what kind of USE flags shoud
>>I use for Gentoo?
No need to, hardened USE flags in /etc/make.conf are depreciated. What
your /etc/make.profile is linked too matters most for hardened now.
See "/usr/portage/profiles/hardened" for your specific arch's profile.
It really helps to get familiar with the ins and out of how gentoo's
PORTAGE & stages really work first, as it can confuse many things when
starting out doing hardened.
>> And should I use Hardened Gentoo grsec kernel or Vanilla with grsec
>> patch?
Personally I'd just use the "hardened-sources" and let emerge do the
work for you. The official ebuilds are not on the bleeding edge of grsec
development of course. So if you wish to closely follow cvs it may be
best to do it by hand. YMMV
> for all the above i suggest that you read the hardened gentoo
> webpages and subscribe to their mailing list.
Ditto to this...
Relevant (x86 & english) links:
Hardened:
http://www.gentoo.org/proj/en/hardened/hardenedfaq.xml
http://www.gentoo.org/proj/en/hardened/primer.xml
http://www.gentoo.org/proj/en/hardened/pax-quickstart.xml
http://www.gentoo.org/proj/en/hardened/index.xml
http://www.gentoo.org/proj/en/hardened/grsecurity2.xml
Most discussion seems to lean towards SELinux, but a must read
none-the-less. Very low volume.
Mailinglist Archive:
http://marc.theaimsgroup.com/?l=gentoo-hardened&r=1&w=2
--
dk
More information about the grsecurity
mailing list