[grsec] Grsec distro?

Bill Nash billn at bacchus.billn.net
Sun Nov 27 08:45:37 EST 2005 

Some of my looney co-workers rolled a pretty solid LFS+grsec installer. 
Given the complexity that can be involved with building packages and 
policies, that might be the route to go if someone decides to build one.

Loons. Seriously.

- billn

On Sat, 26 Nov 2005, John Logsdon wrote:

> Jan and list
>
> Thanks for this link.  Debian/Ubuntu Hardened seem to be rather like
> Gentoo which is Debian-based and offers the options for Grsec and SEL when
> you build it.  Again there is the problem of what version of grsec.
>
> I followed the vSecurity link and note that that seems to take some of
> grsec (I don't know how old) and Openwall and puts this within an LSM
> framework.  I thought LSM was rather frowned on in the grsec community -
> see Brad's comments LSM on the web site.  So that's a bit of a puzzle.
>
> One of the issues of course is that RH have clearly decided to bundle SEL
> in and this means that any of the downstream distros like CentOS inherit
> that problem.  Now I am sure SEL works well - there have been some rather
> silly spats on the CentOS list recently - but it does mean that many
> userland tools are broken or need to be recompiled against libselinux,
> that the attributes have to work (eg can't use Reiser) and a rather
> cumbersome command system when compared to the simple elegance of grsec.
>
> So I thought that a ready-rolled grsec version either built on RH or
> Debian with sensible packages (well a minimalist anyway) would make it
> much more attractive and therefore marketable.
>
> Things change quite quickly and I can also see the benefit of only being
> concerned with the kernel and patches...  I was just wondering whether it
> was on anyone's road map.
>
> Best wishes
>
> John
>
> John Logsdon                               "Try to make things as simple
> Quantex Research Ltd, Manchester UK         as possible but not simpler"
> j.logsdon at quantex-research.com              a.einstein at relativity.org
> +44(0)161 445 4951/G:+44(0)7717758675       www.quantex-research.com
>
>
> On Sat, 26 Nov 2005, Jan Krueger wrote:
>
>> Hi,
>>
>>> Has anyone thought of setting up a grsec distro?
>>
>> The folks at [1]Debian Hardened are trying to do just that. I don't know
>> what progress they've made so far, though.
>>
>> [1] http://www.debian-hardened.org/
>>
>> --
>> # Best regards, Jan 'jast' Krueger <jast at ruby-co de>
>> print'text: ';l=gets;I=['%q,0-9a-f,',',','%q,(-/:-@[,'];i="pack"+
>> "('H*')";l=eval("l.un#{i}[0].tr #{I}"); $><<"$><<[%q_#{l.gsub /(^
>> \W{64}|\W{72})/x,"\\1\n"}_.\ngsub(/\\s/,'').tr(#{I.reverse})]."+i
>>
>
> _______________________________________________
> grsecurity mailing list
> grsecurity at grsecurity.net
> http://grsecurity.net/cgi-bin/mailman/listinfo/grsecurity
>

More information about the grsecurity mailing list