Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230

 

 

 

Grsecurity/Pax installation on Debian GNU/Linux

Share your HowTo, Documentation, Tips and Tricks. Not for support questions!.
Message
Author
jlambrecht
Posts: 374
Joined: 2008-02-01 16:21

Re: Grsecurity/Pax installation on Debian GNU/Linux

#61 Post by jlambrecht »

Ehr, wadayamean ? :D
Embrace what you're not certain off,
keep an eye on what you're confident about.

pcalvert
Posts: 1939
Joined: 2006-04-21 11:19
Location: Sol Sector
Has thanked: 1 time
Been thanked: 2 times

Re: Grsecurity/Pax installation on Debian GNU/Linux

#62 Post by pcalvert »

stevepusser wrote: Maybe...can anyone access that kernel?
I notified the website owner that the site is down.

His reply:

Thanks, we are working on a new server.
It should work soon.

In the meantime one alternative is to check mirror in Freenet network.

Thanks for your interest.
Phil
Freespoke is a new search engine that respects user privacy and does not engage in censorship.

timbgo
Posts: 265
Joined: 2013-04-14 12:17

Re: Grsecurity/Pax installation on Debian GNU/Linux

#63 Post by timbgo »

Hi!

I wish I could keep (and that I could have kept) this topic up, but what I deem the systemd-suicide by Debian Developers turned me away from Debian.

A lot, a huge lot is losing so much because of this what I deem Debian abandoning of its own true self.

I wish for the Devuan, the Debian non-systemd fork to really take off, and I hope that could still happen. We'll see.

I looked up the suggestion by a member a few post previous to here:

http://main.mepis-deb.org/

but that's a false suggestion, IIUC, no mention of grsecurity, so, again: IIUC, or to be sure: correct me if I'm wrong in understanding that they don't offer grsecurity-hardened kernel. And if they don't, it's a false suggestion. Period.

The other suggestion:

https://wiki.debian.org/Mempo

may be worth it, but not for all users. Exampli gratia, I liked to be close to the bleeding edge and install the weekly DVDs, and then compile the grsecurity-hardened kernel for it. Doesn't seem possible with Mempo.

But Mempo is not to be counted out. I really wish those guys succeeded! Their ideas are so pure, so right, and so needed today!

And if you search page 3 of this topic you are reading, this post:

http://forums.debian.net/viewtopic.php? ... 30#p555093

for an alternative, previously made attempt similar to mine in this topic, you might go on from:

grsecurity source install script for Debian
https://github.com/rickard2/grsecurity-Debian-Installer

Sadly, not maintained.

I don't know what future holds.

I terribly liked what I could achieve with having my grsecurity-hardened kernel on the weekly (was it Sid up until a few months ago?, yes I think so), and then, the beauty was that thanks to Thorsten mirabilos Glaser...

The beauty was that then, thanks mirabilos from MirBSD, it was possible to rid myself of the program architecture that is there in most FOSS Linux and their relatives in FOSS, with the true purpose under the hood of its shine, to make for proprietory programs to work on top of [F]ree [O]pen ource oftware.

And proprietory, for which that architecture is there, and sadly lives undisturbed in most Linuces and their relatives of this day...

And yes I mean dbus based architecture.

And proprietory, in this day and age, means: in the service of the one-ring-to-rule-them-all cravers, dear brothers in *nix.

Look up my tip:
How to Remove Systemd and Related Packages from Your Debian
http://forums.debian.net/viewtopic.php?f=16&t=118197

And the beauty was that, thanks to that programmer from the BSD community, I was able to rid my Debian of dbus, pulseaudio and all those poetterware programs, along with harden it with my dearest program in all of FOSS, the grsecurity.

Sadly, while what I explained I needed to do in my previous post to this post, and it is this one:

( in this same topic you are reading )
http://forums.debian.net/viewtopic.php? ... 45#p566911

I did manage to do, it cost me huge time which then I did not have available for so many other things.

I have deployed grsecurity completely in my Gentoo, I know now how to filter traffic in such way that pretty much nothing is unobserved if I get under attack (well, there surely are subjects stronger than me, but I'm not, say, such a subject like Iran was years ago, to deserve those subjects' attention, or like the hackers deserve it who hack into their premises)... Along with having managed deploying iptables properly, and other things...

And I can tell you that Gradm really really does it! Gradm, the grsecurity administration, which, as I said in a few places, needs to be deployed on top of the grsecurity-hardened kernel to account for the few holes that otherwise still remain, as they can not be fixed via solely the kernel patching, which grsecurity does.

My desire to transmit the little but good and very recommendable knowledge that I have gained by now, has not left me, such as to make the next tip some day, the harder one to do, on how to deploy Gradm in Debian. The harder one (then this tip you are reading) to do for newbies, and the harder one (then this tip) to write for me (or if someone else takes over).

It really depends. If Devuan takes off and learns to fly, and if they, this is important, and I'll point them over to these words of mine...

And if they offer a no-dbus Devuan, which I am not certain it is among their objectives; but if they do, then you may even not see much of me, because then I may get my little free time that I have, I can then start using that time for Devuan only...

But if they don't offer a non-dbus Devuan, then I can't go for Devuan.

I told them this already...

I attempted to say my views generally, and very clumsily, I admit:

https://lists.dyne.org/lurker/message/2 ... 11.en.html

but on dbus, I think I said it right, even though in the wider context:

https://lists.dyne.org/lurker/message/2 ... 95.en.html

where find:
"
I count dbus in poetterware-related. You don't have to. I do. Pls. allow for that option!

My take on it you can have also here:

Updating and keeping your Gentoo non-poeterized
https://forums.gentoo.org/viewtopic-t-1012022.html
"
and:

https://lists.dyne.org/lurker/message/2 ... 14.en.html
"And an opt-out from dbus, official possiblity to have a non-dbus Devuan."

But I'm really not a developer to be able to follow them in the development of Debian, so I withdrew from the discussion.

And if they don't offer a no-dbus Devuan, then I may try and see if modalities still exist here in Debian, to go on where I left, disgusted that not even a simple file of a few kilobytes was allowed in the DVD 1 back when they were all (are they still?) about imposing the freaking systemd on every Debian user, as you can read in this tip of mine:

Air-Gapped Debian Install for Newbies
http://forums.debian.net/viewtopic.php? ... 8&#p564470

where find this paragraph:
"
As you can see the systemd vandals have removed the sysvinit time honored and reliable (although a better one should be invented/deployed) init from the disk 1. Namely it is there in the disk-2. For the 129K sysvinit-core_2.88dsf-58_amd64.deb there was no room to be found in the disk-1... It's shame.
"
I don't know which way I will go next, esp. since I'm much more familiar with Gentoo (which is the best for security, and for defence from surveillance, as it is the home of grsecurity-hardening deployed).

And also the way that I showed I believe in, in my tips in these Debian Forums, and which is above all without dbus/poetterware and with grsecurity/PaX, and which I believe is the way to go in today's surveilled society, for anyone who wants to be free and not controlled by unknown to him/her. on that way De[bv][iu]an does not seem to be persevering on, not steadilyy, no, not so well as Gentoo...

And especially I don't know when I might go the way that I happen to go next in Debian or its fork Devuan.

Thank you all for your kind attention.
Miroslav Rovis
Zagreb, Croatia
http://www.CroatiaFidelis.hr
Anyone can dismiss these: kernel hooks for rootkits
linux capabilities for intrusion?

User avatar
mardybear
Posts: 994
Joined: 2014-01-19 03:30

Re: Grsecurity/Pax installation on Debian GNU/Linux

#64 Post by mardybear »

timbgo:
And the beauty was that, thanks to that programmer from the BSD community, I was able to rid my Debian of dbus, pulseaudio and all those poetterware programs, along with harden it with my dearest program in all of FOSS, the grsecurity.
Don't forget Avahi...

Didn't re-read the entire thread, but have you looked at Alpine Linux:
Alpine Linux was designed with security in mind. The kernel is patched with grsecurity/PaX out of the box, and all userland binaries are compiled as Position Independent Executables (PIE) with stack smashing protection. These proactive security features prevent exploitation of entire classes of zero-day and other vulnerabilities.
http://www.alpinelinux.org/about/

...don't know about dbus.

Dbus is optional/not required in TinyCore Linux. It does, however, let you build a system to your preference. No grsecurity though.
800mhz, 512mb ram, dCore-jessie (Tiny Core with Debian Jessie packages) with BusyBox and Fluxbox.
Most don't have computer access, reuse or pay forward an old computer.

timbgo
Posts: 265
Joined: 2013-04-14 12:17

Re: Grsecurity/Pax installation on Debian GNU/Linux

#65 Post by timbgo »

Hi mardybear!

(for some reason, I can't find the `Quote' link with my dillo, and am in other work)

I'll look into Alpine. Anything grsec/PaX is interesting to me.

Avahi, isn't that something RedHat?

Really no time. Pls. allow delays.

And really thanks! Didn't know about Alpine.
Miroslav Rovis
Zagreb, Croatia
http://www.CroatiaFidelis.hr
Anyone can dismiss these: kernel hooks for rootkits
linux capabilities for intrusion?

timbgo
Posts: 265
Joined: 2013-04-14 12:17

Re: Grsecurity/Pax installation on Debian GNU/Linux

#66 Post by timbgo »

And I can't even find the Edit button (or whether it's a link)...

EDIT START: Well, I can, but i'ts somewhat advanced. See:

No edit/delete/report Buttons in Some phpBB Forums
http://lists.dillo.org/pipermail/dillo- ... 10523.html

and bear in mind that it appears that the sed command lost a little in the transit ;-). It should be:

Code: Select all

cat /Cmn/dLo/SK_150514-10_pg2_src.php  | grep delete-icon | sed 's/\&/\&/g'
and I hope it will hold to what I posted, here.

EDIT END

dillo, however is such an ocean of calm security-wise, so these are, yes, issues, but sniffings practices, intrusions, even attacks when I browse with Schmooglezilla Fox, that's worse, much worse...

So, here is documented, but will even be documented for newbies (hard to read those dumps for them, yet, without some explaining which I intend to do some time in the future)...

So, here is documented, how I am not allowed by third subjects, obviously to do with my provider, to send two simple mails:

Postfix smtp/TLS, Bkp/Cloning Mthd, Censorship/Intrusion
https://forums.gentoo.org/viewtopic-t-9 ... ml#7746644

And just like I say there, pls. if anybody from Devuan is reading this, pls. do call their attention to my second previous post from here:

( this same topic you are reading )
http://forums.debian.net/viewtopic.php? ... 60#p577538

Thank you!
Last edited by timbgo on 2015-05-14 18:02, edited 1 time in total.
Miroslav Rovis
Zagreb, Croatia
http://www.CroatiaFidelis.hr
Anyone can dismiss these: kernel hooks for rootkits
linux capabilities for intrusion?

User avatar
mardybear
Posts: 994
Joined: 2014-01-19 03:30

Re: Grsecurity/Pax installation on Debian GNU/Linux

#67 Post by mardybear »

Hi timbgo.

Here's the full Alpine link address, hope this works in Dillo. Really should take a look if interested in gsecurity and a system that doesn't come default with a whole bunch of unnecessary stuff.
http://www.alpinelinux.org/about/

Avahi was developed by Lennart Poettering and Trent Lloyd. Average user doesn't need it, yet it's installed by default in most major Linux distributions. Just check it out via pstree or ps, disable Avahi and reboot, chances are your system won't miss it.
Avahi is a free zero-configuration networking (zeroconf) implementation, including a system for multicast DNS/DNS-SD service discovery. It is licensed under the GNU Lesser General Public License (LGPL).

Avahi is a system which enables programs to publish and discover services and hosts running on a local network. For example, a user can plug their computer into a network and have Avahi automatically advertise the network services running on the machine which could enable access to files and printers.
http://en.wikipedia.org/wiki/Avahi_%28software%29
800mhz, 512mb ram, dCore-jessie (Tiny Core with Debian Jessie packages) with BusyBox and Fluxbox.
Most don't have computer access, reuse or pay forward an old computer.

timbgo
Posts: 265
Joined: 2013-04-14 12:17

Re: Grsecurity/Pax installation on Debian GNU/Linux

#68 Post by timbgo »

The problem is lack of time.

But anyway, I wasn't posting only for myself, and I believe users will find Alpine attractive!

Thanks for caring for the right programs, mardybear!
Miroslav Rovis
Zagreb, Croatia
http://www.CroatiaFidelis.hr
Anyone can dismiss these: kernel hooks for rootkits
linux capabilities for intrusion?

timbgo
Posts: 265
Joined: 2013-04-14 12:17

Re: Grsecurity/Pax installation on Debian GNU/Linux

#69 Post by timbgo »

Regarding the installation of grsecurity, however, I gave lots of explanation and examples in the five pages of this tip, so far.

I believe, the most of the work is done, with this tip. When if ever, will there be a real for-newbies-easy-to-use deployment of grsecurity? Maybe never, since you get their SELinux deployed in no-brains-needed fashion, because the filthy richness (the secret services are always with the moneys in societies left and right, it's the nature of the corrupted power)... [because the filthy richness] is not with us, but with them and it's those, the NSA and friends who made or broke, bullied or bought their way into your boxes, dear *nixers...

Here is an afterthought, and a promise that I will try to keep:
https://forums.grsecurity.net/viewtopic ... 344#p15344

because I really like Gentoo and (Debian/Devuan?), and Dillo and Postfix, and a lot of other programs, but I love the best grsecurity, because they, our heroes spender and PaX Team, without them, the computing would have been so much poorer that you can't even imagine.

[So much poorer] of the real richness, the freedom, the freedom, attainable, not easily but pretty hard to attain, but attainable freedom from surveillance, one of the worst and most dangerous evils of our days.
Miroslav Rovis
Zagreb, Croatia
http://www.CroatiaFidelis.hr
Anyone can dismiss these: kernel hooks for rootkits
linux capabilities for intrusion?

jlambrecht
Posts: 374
Joined: 2008-02-01 16:21

Re: Grsecurity/Pax installation on Debian GNU/Linux

#70 Post by jlambrecht »

sorry to barge in like this, i've spent time on grsec with Debian before and it was a bit steep at first, then it seemed to work well for me. Now, on a laptop, i cannot get it to work well. I had to recompile the intel ethernet module from intel sources because it seemed buggy, now i have network. But only DNS resolves, i cannot get apt-get update to work or for the policy to adapt to it.

Does anyone have a shorthand guide on working with grsec on Debian ? I still have the machine for which it worked at hand so i can also make a copy but i'd prefer to share experiences.
Embrace what you're not certain off,
keep an eye on what you're confident about.

timbgo
Posts: 265
Joined: 2013-04-14 12:17

Re: Grsecurity/Pax installation on Debian GNU/Linux

#71 Post by timbgo »

jlambrecht wrote:sorry to barge in like this, i've spent time on grsec with Debian before and it was a bit steep at first, then it seemed to work well for me. Now, on a laptop, i cannot get it to work well. I had to recompile the intel ethernet module from intel sources because it seemed buggy, now i have network. But only DNS resolves, i cannot get apt-get update to work or for the policy to adapt to it.

Does anyone have a shorthand guide on working with grsec on Debian ? I still have the machine for which it worked at hand so i can also make a copy but i'd prefer to share experiences.
It's not that simple.

1) You need to post all the relevant settings, and all the relevant log errors, and then describe as best you can, without missing important details, what is happening and what you suspect could be the cause (that is learning in itself, even if you get no reply)

2) and then someone who has experience with a similar setup and similar particular issues that you may have with your hardware or your setup, or such, than he has to look at it and try to figure out what there could be set wrong or even that there some circumstances (whichever that they may consist of) appear to be twarting or disabilitating and chance of successful grsec installation and deployment, and then such person may even need to test it on a similar system

I've given directions that seemed to me the best bet to get it done.

But, if I recall correctly, you are on Ubuntu, and I don't even have a working Debian at the moment, and Devuan is currently installable the dbus way, without alternative, IIUC (and I do follow Devuan mailing list so I'm probably right here), which I wrote about that I don't want to follow...

In Ubuntu you also have dbus... which in my opinion is just a companion of systemd. And you also have systemd in Ubuntu, IIRC...

To deploy grsecurity in a system with systemd, it's not me (who am not even so advanced, to be honest), but more advanced and experienced users, such as a few Gentooers, for example, have complained that it is a headache to get a working grsecurity on a systemd machine...

I know Ubuntu is a real brand name, and so will Debian continue to be, and lets see if, which I so much hoped for, a systemd-free Debian fork, the Devuan really takes off and applies for the best standards in FOSS, such as allowing freedom from also dbus...

So, I know Ubuntu is a real brand name, and so will Debian remain to be (tarnished with the systemd default), but if I were you, I would seriously research if Miro Rovis, who writes these lines for you, to post his best advice in your case, if I were you, I would seriously research whether Miro is right, or maybe wrong (he's been decidedly proven wrong sometimes), and whether those, as he says, fake FOSS programs are as bad as he claims.

Fake FOSS programs, because they are, in his opinion, done in the service of big money (military, the absolutely most money spending firm in the world, the U.S. firm, is the main customer of the Red Hat who pay Poettering and Sievers, the systemd guys and all of their windozation-of-FOSS-Linux cameraderie)...

Because those guys are payed for by big money, and they have nothing to really do with the real free projects that are not corporate servicemen like the poetter-people, but who are free and open source idealist people like you and me...

I would research those, and, in case the systemd and grsec do appear incompatible... maybe I would see if I could get rid of them in Ubuntu first, so I can install grsec-hardened kernel...

Or maybe choose the Apline Linux, as mardybear suggests... or maybe go with the Debian but the way that Miro (I'm still talking if I were you) wrote in a few places and linked to other tips, such as on how to install Debian the Air-Gapped way, systemd-frree:

Air-Gapped Debian Install for Newbies
http://forums.debian.net/viewtopic.php? ... 8&#p564470

and also without dbus:

How to Remove Systemd and Related Packages from Your Debian
http://forums.debian.net/viewtopic.php?f=16&t=118197

if those are still possible.

If I didn't have issues that drain my power (and a really good Gentoo installation for on-line, cloned from air-gapped offline-only), I would go those ways (as, not anymore talking as if I were you), I'm pretty certain of my findings.

Got to go. Cheers!
Miroslav Rovis
Zagreb, Croatia
http://www.CroatiaFidelis.hr
Anyone can dismiss these: kernel hooks for rootkits
linux capabilities for intrusion?

jlambrecht
Posts: 374
Joined: 2008-02-01 16:21

Re: Grsecurity/Pax installation on Debian GNU/Linux

#72 Post by jlambrecht »

Hi, thanks for the once more lengthy response. I'm not sure if i agree, grsec should be simple enough to get started.

I'll work on a simple yet effective procedure if i manage to fix this current challenge.
Embrace what you're not certain off,
keep an eye on what you're confident about.

pcalvert
Posts: 1939
Joined: 2006-04-21 11:19
Location: Sol Sector
Has thanked: 1 time
Been thanked: 2 times

Re: Grsecurity/Pax installation on Debian GNU/Linux

#73 Post by pcalvert »

Freespoke is a new search engine that respects user privacy and does not engage in censorship.

User avatar
Head_on_a_Stick
Posts: 14114
Joined: 2014-06-01 17:46
Location: London, England
Has thanked: 81 times
Been thanked: 132 times

Re: Grsecurity/Pax installation on Debian GNU/Linux

#74 Post by Head_on_a_Stick »

^ You can't use VirtualBox with a grsec kernel and it can be restrictive if you tighten up the controls too much.

Also, they appear to be the testing images:
https://grsecurity.net/

Unfortunately, thanks to the abuses of embedded systems developers, the grsec team have restricted the availability of the stable release and it is no longer free (as in beer):
https://grsecurity.net/announce.php

:(

For the stable version of the grsec-patched kernel, I would recommend Alpine Linux:
http://www.alpinelinux.org/
deadbang

pcalvert
Posts: 1939
Joined: 2006-04-21 11:19
Location: Sol Sector
Has thanked: 1 time
Been thanked: 2 times

Re: Grsecurity/Pax installation on Debian GNU/Linux

#75 Post by pcalvert »

Head_on_a_Stick wrote: For the stable version of the grsec-patched kernel, I would recommend Alpine Linux:
http://www.alpinelinux.org/
How is it that they have the stable version of Grsecurity and not the testing version?

Phil
Freespoke is a new search engine that respects user privacy and does not engage in censorship.

User avatar
Head_on_a_Stick
Posts: 14114
Joined: 2014-06-01 17:46
Location: London, England
Has thanked: 81 times
Been thanked: 132 times

Re: Grsecurity/Pax installation on Debian GNU/Linux

#76 Post by Head_on_a_Stick »

pcalvert wrote:How is it that they have the stable version of Grsecurity
Ah, perhaps I was being a fanboi with that statement...

At the moment, the current stable grsec release is 4.4.16 but my Alpine system has:

Code: Select all

empty@alpine ~ % uname -a
Linux alpine 4.4.15-1-grsec #2-Alpine SMP Mon Jul 18 11:27:31 GMT 2016 x86_64 GNU/Linux
IIRC from the last upgrade, the 4.4.16 will be added a few days after grsec move on to 4.4.17 so it is always one version down (if you see what I mean).
deadbang

timbgo
Posts: 265
Joined: 2013-04-14 12:17

Re: Grsecurity/Pax installation on Debian GNU/Linux

#77 Post by timbgo »

I'd be interested to know if my method, which can be read about, and the script is renewed, with grsecurity having taken, appears to me good care of by minipli and friends (just the LTS kernel being patched, but that is still very valuable)...

I'd be interested to know if my method, works fine with Debian and Ubuntu.

See (skip to recent posts there):
Grsecurity/Pax installation on Devuan GNU/Linux
https://dev1galaxy.org/viewtopic.php?id=596

The renewed script is at:
https://github.com/miroR/grsec-dev1-compile

The new patches are now from:
https://github.com/minipli/linux-unoffi ... cial_grsec

I see people from Subgraph are also engaged... and Parazyd a Devuan and Gentoo developer.

In the latest release from:
https://github.com/minipli/linux-unoffi ... /releases/

it seems they had been successful in getting some of the RAP protection back in...
(
https://github.com/minipli/linux-unoffi ... dc6f20cded
)


Of course mine is just a helper script for newbies, I'm not an expert (just a reminder).

But I do believe my script should work for Debian/Ubuntu and others from the family...

Pls. let me know if you find it useful! Regards!
Miroslav Rovis
Zagreb, Croatia
http://www.CroatiaFidelis.hr
Anyone can dismiss these: kernel hooks for rootkits
linux capabilities for intrusion?

timbgo
Posts: 265
Joined: 2013-04-14 12:17

Re: Grsecurity/Pax installation on Debian GNU/Linux

#78 Post by timbgo »

There are also packages available. But first, they are actually NOT recommended, and the big fat warning says so.

https://croatiafidelis.hr/gnu/deb/linux ... 170923-22/

But you can always compile, as I wrote there as well!

Regards!
Miroslav Rovis
Zagreb, Croatia
http://www.CroatiaFidelis.hr
Anyone can dismiss these: kernel hooks for rootkits
linux capabilities for intrusion?

User avatar
Head_on_a_Stick
Posts: 14114
Joined: 2014-06-01 17:46
Location: London, England
Has thanked: 81 times
Been thanked: 132 times

Re: Grsecurity/Pax installation on Debian GNU/Linux

#79 Post by Head_on_a_Stick »

@timbgo, thank you very much for all of your efforts, they are very much appreciated :)

I haven't had time to try any of this in Debian yet (I'm running Alpine Linux atm and that still has the grsec patches included) but I do intend to.

Do you know if the patches will apply to the Debian kernels?

https://kernel-handbook.alioth.debian.o ... n-official

I am tempted to file a Request for Packaging for a KSPP-patched kernel version, Arch has a linux-hardened package that offers this.
deadbang

timbgo
Posts: 265
Joined: 2013-04-14 12:17

Re: Grsecurity/Pax installation on Debian GNU/Linux

#80 Post by timbgo »

Head_on_a_Stick wrote:@timbgo, thank you very much for all of your efforts, they are very much appreciated :)

I haven't had time to try any of this in Debian yet (I'm running Alpine Linux atm and that still has the grsec patches included) but I do intend to.

Do you know if the patches will apply to the Debian kernels?

https://kernel-handbook.alioth.debian.o ... n-official
Very probably yes. Devuan and Debian, and Ubuntu and other of the Debian family do have the samy kernels. Often bit by bit same.
Head_on_a_Stick wrote:I am tempted to file a Request for Packaging for a KSPP-patched kernel version, Arch has a linux-hardened package that offers this.
No, not KSPP (well, not in my opinion)! They go a whole different way. Not the grsec way. minipli's unofficial-grsecurity (links are where due) does go the grsecurity way!

I'm ill today (ah, just strong but cripling allergy), can't write longer.

Regards!
Miroslav Rovis
Zagreb, Croatia
http://www.CroatiaFidelis.hr
Anyone can dismiss these: kernel hooks for rootkits
linux capabilities for intrusion?

Post Reply