> I am not sure I follow - is the plan for Devuan to be default
> hardened/grsec, or is it supposed to be an optional choice somehow? As was
> already pointed out, java won't run. Lots and lots of server workloads run
> Java
nop, not as a default ( or I badly missed something ;) ) , just an
a
On 03/06/15 20:27, Adam Borowski wrote:
>
> It looks like Knock breaks everything TCP SQN is used for.
>
*** You obviously didn't read the paper and are happily FUDing like it's
Pearl Harbor. Knock only changes the Initial Sequence Number of the TCP
packet, overriding the default MD5 hash used i
On Fri, Mar 06, 2015 at 08:33:20PM +0100, Jaromil wrote:
>
> dear Miroslav,
>
> On Fri, 06 Mar 2015, miroslav.rov...@zg.ht.hr wrote:
>
> > I hope to be able to continue my Grsecurity/Pax Deployment in Devuan for
> > the Newbies (or of a similar title), like I did in Debian Forums (see my
> > fir
I am not sure I follow - is the plan for Devuan to be default
hardened/grsec, or is it supposed to be an optional choice somehow? As was
already pointed out, java won't run. Lots and lots of server workloads run
Java
On 7 March 2015 at 12:42, Jaromil wrote:
>
> dear Neo Futur and other membe
dear Neo Futur and other members of the Devuan hardening team:
please consider the Alpha release series a minimal base you can use to
start working on the kernel patches, building them and testing them.
In fact, this release series is mostly intended to receive feedback from
developers and adjust
also answering here to jaromil about a grsec question on another thread :
On Fri, Mar 6, 2015 at 2:33 PM, Jaromil wrote:
>> I hope to be able to continue my Grsecurity/Pax Deployment in Devuan for
>> the Newbies (or of a similar title), like I did in Debian Forums (see my
>> first message in th
at the beginning we plan :
* to use only the pax options of the grsec kernel, no rbac enabled
* to work on vanilla sources or gentoo hardened sources
* no debian patches, no exotic patches
* shipping the kernel with warnings that, as a default, java wont work
with a secure kernel, and possibly any
On Fri, Mar 06, 2015 at 03:19:29PM -0300, hellekin wrote:
> *** I'm so happy to see this group. I've been using this kernel lately,
> running on Parabola:
>
> 3.14.34-gnu-201502271838-1-lts-grsec-knock
>
> GRSecurity, and Knock support. Knock is a kernel patch that enables
> single packet por
On Fri, 06 Mar 2015, hellekin wrote:
> GRSecurity, and Knock support. Knock is a kernel patch that enables
> single packet port knocking [0], thwarting common scanning attacks. I
> would love to see this running on Devuan. Parabola GNU/Linux was the
> first distro to deploy it, and I've been u
