On Sat, 10 Dec 2011 15:17:47 -0500 Tanstaafl <[email protected]> wrote:
> Hello all, > > I'm considering rolling out a new server with gentoo, but wanted to > base it on the hardened profile, but the gentoo docs I've read so far > all seem to be a bit vague about all the details. > > I've been using gentoo for a while on my hobby server, but I > installed it about 8 years ago, and chose the 'server' profile, and I > must say it has been a real pleasure to maintain, with the only real > hiccup I ever experienced being the mailman update that moved the > directories for the lists without telling me what to do about it (the > fix was simple, and the devs swiftly fixed the lack of post-install > docs). > > Does anyone know of a good How-To that covers *all* of the bases? Ie, > which model is best - grsecurity, PAX, SeLinux - and how best to > implement it? > > The purpose of this server will be as a mail server (dovecot, > postfix, amavisd-new/spamassassin, mailman), and hosting a few small > websites. > > Thanks... > As with most things gentoo, 'best' is a mater of opinion. I personally use grsec (includes pax) for hardening and selinux for policies. To convert you generally do the following. profile-config set 12 (this sets to nomultilib selinux) emerge system emerge world Since I'm paranoid revdep-rebuild too. -- Matthew Thode (prometheanfire)
signature.asc
Description: PGP signature
