On 12/23/2017 09:09 AM, Peter Humphrey wrote:
> Hello list,
> 
> Now that grsecurity is off-limits, I'm left wondering how to go about 
> hardening a no-multilib box that will be exposed to the Big Bad World.

You can still use grsec/pax if you're willing to stick with an older
(LTS) kernel:

https://github.com/minipli/linux-unofficial_grsec/tree/linux-4.9.x-unofficial_grsec


> To start with, it's not obvious which profile to use:
> 
> $ eselect profile list | grep no-multi | grep hardened
>   [23]  default/linux/amd64/17.0/no-multilib/hardened
>   [24]  default/linux/amd64/17.0/no-multilib/hardened/selinux

One of those two, depending on whether or not you use SELinux.



Reply via email to