On 09/06/2015 04:15 PM, walt wrote:
> https://wiki.gentoo.org/wiki/Hardened_Gentoo
>
> That wiki page is very seductive. It makes me want to drop everything
> and select a hardened profile and re-emerge everything from scratch.
>
> But I have a feeling I'd soon be in big trouble if I did. Is this
> something that only gentoo devs should be messing with, or is this
> a project that a typical gentoo end-user might hope to accomplish
> without frequent suicidal thoughts?

It depends on how many hardening features you want to enable. It's a lot easier than it used to be because there's a kernel config thingy that lets you pick safe options without understanding all the details. You can get a lot of protection for very little risk by enabling pax/grsec and checking a few boxes in the hardened kernel config. Just beware that there are kernel options that will clobber things like cpupower and others that will slow down specific programs like clamav with JIT.

Anyway, we're all here because we like to tinker with things until they're broken, right? Give it a try and be sure to read the kernel help pages carefully and have fun. You can always switch back to a non-hardened kernel and everything will go back to normal.