The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

RH9 Kernel RPM with grsecurity (beta testers).

Discussion in 'Security' started by shaun, Oct 28, 2003.

  1. shaun

    shaun Well-Known Member

    Joined:
    Nov 9, 2001
    Messages:
    698
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    San Clemente, Ca
    I have build a Redhat 9 kernel with the grsecurity patch applied. I am looking for admins who wish to test this kernel. If you wish to test it, you can download it by clicking the link below. I would like feedback about how the install went and what type of hardware config you have. Send feedback to feedback@ndchost.com

    http://www.cplicensing.net/new/grsecurity.php


    btw, i have tested it on 2 machines.
     
  2. ciphervendor

    ciphervendor Well-Known Member

    Joined:
    Aug 26, 2002
    Messages:
    1,052
    Likes Received:
    0
    Trophy Points:
    36
    I won't use the RPMs, but it might be good to include what options you checked off in grsecurity. People who are familiar with grsec know that it has a myriad of options.
     
  3. unter

    unter Member

    Joined:
    Oct 27, 2003
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    1
    Also, I think it would be a nice project of some type if someone could develop some very strict ACLs for grsec that are compatible with cpanel.
     
  4. shaun

    shaun Well-Known Member

    Joined:
    Nov 9, 2001
    Messages:
    698
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    San Clemente, Ca
    ciphervendor: Your right, thats a very important part that people need to know about. The option used was medium.


    I'd like to see a strict ACL for cPanel box's as well. i may try playing with learn mode when i have some time.
     
  5. DHL

    DHL Well-Known Member

    Joined:
    Mar 8, 2002
    Messages:
    88
    Likes Received:
    0
    Trophy Points:
    6
    Im using grsec on high security with cpanel on around 25 boxes, no problems, gradm and strict acls are definitely to be tested on a spare server first :)

    Still learning that one myself.
     
  6. shaun

    shaun Well-Known Member

    Joined:
    Nov 9, 2001
    Messages:
    698
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    San Clemente, Ca
    DHL,

    I heard high was too strict for a cPanel box. If this isnt the case i will build the rpms with as high.
     
  7. DHL

    DHL Well-Known Member

    Joined:
    Mar 8, 2002
    Messages:
    88
    Likes Received:
    0
    Trophy Points:
    6
    Hi Shaun,

    No problems with high security and cpanel - Ive been running grsec with high security on servers since last November without issue - Theres a monitoring server in your dc with rh9 and grsec on high if you want to look into it :)
     
  8. unter

    unter Member

    Joined:
    Oct 27, 2003
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    1
    I would net recommend just setting it to "high". Go through the options and customize the configuration of grsecurity.
     
  9. shaun

    shaun Well-Known Member

    Joined:
    Nov 9, 2001
    Messages:
    698
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    San Clemente, Ca
  10. DHL

    DHL Well-Known Member

    Joined:
    Mar 8, 2002
    Messages:
    88
    Likes Received:
    0
    Trophy Points:
    6
    The rpms work well shaun, tested on i686 and athlons and no problems to report.

    For folks that don't feel comfortable with compiling their own kernels (or want to avoid the odd mishap :) I highly recommend these kernels.

    If you are running Tomkat, do not go for the high security option as grsec does not like that.

    The kernels are a great idea, nice to have someone doing these things volountary for the folks around here - kudos.
     
  11. shaun

    shaun Well-Known Member

    Joined:
    Nov 9, 2001
    Messages:
    698
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    San Clemente, Ca
    Maybe i'll buld a set of them, low, medium, and high.

    The build process takes forever... even on a p4 2.4GHZ with 1GB ram.
     
  12. ciphervendor

    ciphervendor Well-Known Member

    Joined:
    Aug 26, 2002
    Messages:
    1,052
    Likes Received:
    0
    Trophy Points:
    36
    For tomcat you simply need to download the chpax code from the pax site and flag the tomcat binaries--if you want to use the grsec high settings.
     
  13. DHL

    DHL Well-Known Member

    Joined:
    Mar 8, 2002
    Messages:
    88
    Likes Received:
    0
    Trophy Points:
    6
    Nice tip, just saying that regarding tomcat as anyone who is installing the rpms probably won't know how or want to go into too many details regarding pax and acls and it will break tomcat otherwise.
     
  14. icehosting

    icehosting Well-Known Member

    Joined:
    Dec 22, 2002
    Messages:
    60
    Likes Received:
    0
    Trophy Points:
    6
    any new version of the custom kernels?
     
  15. shaun

    shaun Well-Known Member

    Joined:
    Nov 9, 2001
    Messages:
    698
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    San Clemente, Ca
    i have yet to build a new grsec kernel, it's not as easy as you'd think as i have to pull all the config changes and i have yet to find a easy way to do that. When grsec releases a patch for the kernel that just came out, i'll see if i can get a new version up.
     
  16. orb_sp

    orb_sp Active Member

    Joined:
    Aug 7, 2003
    Messages:
    32
    Likes Received:
    0
    Trophy Points:
    6
    Has anyone tried these RPM's on an RHE3 server?
     
  17. icehosting

    icehosting Well-Known Member

    Joined:
    Dec 22, 2002
    Messages:
    60
    Likes Received:
    0
    Trophy Points:
    6
    Yea i have try and have make very very big CPU load.
    So i think it is not compatible with RHE 3.
     
  18. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
  19. VCServer

    VCServer Active Member

    Joined:
    Nov 19, 2003
    Messages:
    28
    Likes Received:
    0
    Trophy Points:
    1
    I have testing the GRSecurity kernel rev 3 (SMP i686).
    This kernel found one CPU but not two CPU´s (Intel Pentium 4 with SMP = 2 CPU´s).

    Is this a bug in the Kernel or can anyone help me? :confused:

    On other servers with a Celeron CPU the Kernel runnig very fine :)
     
Loading...

Share This Page