RH9 Kernel RPM with grsecurity (beta testers).

**shaun** · 10-28-2003 02:12 AM

I have build a Redhat 9 kernel with the grsecurity patch applied. I am looking for admins who wish to test this kernel. If you wish to test it, you can download it by clicking the link below. I would like feedback about how the install went and what type of hardware config you have. Send feedback to feedback@ndchost.com

http://www.cplicensing.net/new/grsecurity.php

btw, i have tested it on 2 machines.

**ciphervendor** · 10-28-2003 08:37 AM

I won't use the RPMs, but it might be good to include what options you checked off in grsecurity. People who are familiar with grsec know that it has a myriad of options.

**unter** · 10-28-2003 12:47 PM

Also, I think it would be a nice project of some type if someone could develop some very strict ACLs for grsec that are compatible with cpanel.

**shaun** · 10-28-2003 02:57 PM

ciphervendor: Your right, thats a very important part that people need to know about. The option used was medium.

I'd like to see a strict ACL for cPanel box's as well. i may try playing with learn mode when i have some time.

**DHL** · 10-29-2003 04:14 AM

Im using grsec on high security with cpanel on around 25 boxes, no problems, gradm and strict acls are definitely to be tested on a spare server first

Still learning that one myself.

**shaun** · 10-30-2003 04:56 AM

DHL,

I heard high was too strict for a cPanel box. If this isnt the case i will build the rpms with as high.

**DHL** · 10-30-2003 01:25 PM

Hi Shaun,

No problems with high security and cpanel - Ive been running grsec with high security on servers since last November without issue - Theres a monitoring server in your dc with rh9 and grsec on high if you want to look into it

**unter** · 10-30-2003 03:39 PM

I would net recommend just setting it to "high". Go through the options and customize the configuration of grsecurity.

**shaun** · 11-04-2003 02:25 AM

revision 0.3 has grsecuity set to high for those who want to test.

http://www.cplicensing.net/new/grsecurity.php

**DHL** · 11-10-2003 02:36 PM

The rpms work well shaun, tested on i686 and athlons and no problems to report.

For folks that don't feel comfortable with compiling their own kernels (or want to avoid the odd mishap

I highly recommend these kernels.

If you are running Tomkat, do not go for the high security option as grsec does not like that.

The kernels are a great idea, nice to have someone doing these things volountary for the folks around here - kudos.

**shaun** · 11-10-2003 03:06 PM

Maybe i'll buld a set of them, low, medium, and high.

The build process takes forever... even on a p4 2.4GHZ with 1GB ram.

**ciphervendor** · 11-11-2003 08:03 AM

For tomcat you simply need to download the chpax code from the pax site and flag the tomcat binaries--if you want to use the grsec high settings.

**DHL** · 11-11-2003 09:15 PM

Originally posted by ciphervendor
For tomcat you simply need to download the chpax code from the pax site and flag the tomcat binaries--if you want to use the grsec high settings.

Nice tip, just saying that regarding tomcat as anyone who is installing the rpms probably won't know how or want to go into too many details regarding pax and acls and it will break tomcat otherwise.

**icehosting** · 01-05-2004 07:30 PM

any new version of the custom kernels?

**shaun** · 01-06-2004 04:08 AM

i have yet to build a new grsec kernel, it's not as easy as you'd think as i have to pull all the config changes and i have yet to find a easy way to do that. When grsec releases a patch for the kernel that just came out, i'll see if i can get a new version up.

LinkBack

Thread Tools

RH9 Kernel RPM with grsecurity (beta testers).