hi linux-dude > it indeed sounds VERY interesting (not only to me) :-) > although I never dealt with special kernel modifications. > But I'll give it a go..can anyone recommend any other > kernel security patch sites? ..would be great!
a collection of kernel patches... http://www.Linux-Sec.net/Harden/kernel.gwif.html have fun linuxing alvin On Wed, 23 Jan 2002, [EMAIL PROTECTED] wrote: > Hello Lars, > > Wednesday, January 23, 2002, 9:45:26 AM, you wrote: > > LB> On Fri, 2002-01-18 at 22:15, Hassard, Stephen wrote: > >> I'm not sure if anyone has tried this one, but a fairly extensive patch set > >> for the 2.4 series of kernels is available called grsecurity > >> (http://www.grsecurity.net). It includes whole whacks of stuff (take a look > >> at the "features" page http://www.grsecurity.net/features.htm) .. I haven't > >> had a change to tried it out, but it looks promising. > > LB> > openwall works only w/ 2.2.x kernels unless they've released > >> > 2.4.x stuff > > LB> I will not vouch for the quality og GRSecurity, but it does implement > LB> Openwall on the 2.4 series. In comparison with LIDS it does not have the > LB> same requirement for pre-reboot configuration. GRSecurti featrures ACL, > LB> but they can be set only for the files that need them. > > LB> It was a breeze to patch and compile. I have it in production of dozens > LB> of machines running IPSec and bridging amongst other things. I have no > LB> problems related to the patch.(I mention this because GRSecurity also > LB> increases the randomness of the network traffic in particular, so that > LB> it becomes virtually impossible to quess operating system with an ``nmap > LB> -O''. It messes with many different aspects of the system.) > > LB> I would like to see others try it out and comment on this, because it > LB> looks very, very promising. > > it indeed sounds VERY interesting (not only to me) :-) > although I never dealt with special kernel modifications. > But I'll give it a go..can anyone recommend any other > kernel security patch sites? ..would be great! > > -- > Best regards, > Roman mailto:[EMAIL PROTECTED] > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] >
