i think ya can find some interesting stuff here: Kaladix Linux (security patches + the kaladix distro) http://www.kaladix.org/hypersec.html LIDS - Linux Intrusion Detection System http://www.lids.org/ Openwall http://www.openwall.com/ PaX patch http://pageexec.virtualave.net/ HAP patch http://www.theaimsgroup.com/~hlein/hap-linux/ Stealth patch http://www.energymech.net/madcamel/fm/
have fun On Wed, 2002-01-23 at 11:07, [EMAIL PROTECTED] wrote: > Hello Lars, > > Wednesday, January 23, 2002, 9:45:26 AM, you wrote: > > LB> On Fri, 2002-01-18 at 22:15, Hassard, Stephen wrote: > >> I'm not sure if anyone has tried this one, but a fairly extensive patch set > >> for the 2.4 series of kernels is available called grsecurity > >> (http://www.grsecurity.net). It includes whole whacks of stuff (take a look > >> at the "features" page http://www.grsecurity.net/features.htm) .. I haven't > >> had a change to tried it out, but it looks promising. > > LB> > openwall works only w/ 2.2.x kernels unless they've released > >> > 2.4.x stuff > > LB> I will not vouch for the quality og GRSecurity, but it does implement > LB> Openwall on the 2.4 series. In comparison with LIDS it does not have the > LB> same requirement for pre-reboot configuration. GRSecurti featrures ACL, > LB> but they can be set only for the files that need them. > > LB> It was a breeze to patch and compile. I have it in production of dozens > LB> of machines running IPSec and bridging amongst other things. I have no > LB> problems related to the patch.(I mention this because GRSecurity also > LB> increases the randomness of the network traffic in particular, so that > LB> it becomes virtually impossible to quess operating system with an ``nmap > LB> -O''. It messes with many different aspects of the system.) > > LB> I would like to see others try it out and comment on this, because it > LB> looks very, very promising. > > it indeed sounds VERY interesting (not only to me) :-) > although I never dealt with special kernel modifications. > But I'll give it a go..can anyone recommend any other > kernel security patch sites? ..would be great! > > -- > Best regards, > Roman mailto:[EMAIL PROTECTED] > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > -- __________________________________________ Gergely Trifonov mailto:[EMAIL PROTECTED] System Administrator, WSD IND - Interactive Net Design http://www.indweb.hu Széchenyi u. 70. H - 3530 Miskolc Hungary Phone: +36 46 505 106 Fax: +36 46 505 107 Mobile: +36 20 395 6476 !Please install IND CA Certification as TRUSTED CA! https://www.indweb.hu/IND.crt
