View previous topic :: View next topic |
Author |
Message |
leonchik1976 Guru
Joined: 24 Jan 2010 Posts: 325
|
Posted: Fri May 21, 2010 3:15 pm Post subject: Grsecurity problem |
|
|
if i set CONFIG_GRKERNSEC_CUSTOM=y the system boots find, but if i set CONFIG_GRKERNSEC_HARDENED_SERVER=y
the system doens't boot, and gives a lot of error from kernel.
anyone faced this problem? |
|
Back to top |
|
|
nixnut Bodhisattva
Joined: 09 Apr 2004 Posts: 10974 Location: the dutch mountains
|
Posted: Fri May 21, 2010 4:14 pm Post subject: |
|
|
Moved from Installing Gentoo to Networking & Security.
Not about getting gentoo installed. _________________ Please add [solved] to the initial post's subject line if you feel your problem is resolved. Help answer the unanswered
talk is cheap. supply exceeds demand |
|
Back to top |
|
|
tgR10 Apprentice
Joined: 23 Oct 2007 Posts: 262 Location: caly ten ambaras
|
Posted: Fri May 21, 2010 6:40 pm Post subject: |
|
|
had similar problem like 2 years ago ... don't remember what was the problem exactly, but if i remember corectly the kernel restricted itself to do some stuff ...
try those options, and check if it boots, then try to tune it up for your needs
i'm using "custom security level" since then, never had any problem (exept vmware - but it's a different story)
Code: | CONFIG_GRKERNSEC=y
CONFIG_GRKERNSEC_CUSTOM=y
CONFIG_GRKERNSEC_PROC_MEMMAP=y
CONFIG_GRKERNSEC_BRUTE=y
CONFIG_GRKERNSEC_HIDESYM=y
CONFIG_GRKERNSEC_ACL_HIDEKERN=y
CONFIG_GRKERNSEC_ACL_MAXTRIES=3
CONFIG_GRKERNSEC_ACL_TIMEOUT=30
CONFIG_GRKERNSEC_PROC=y
CONFIG_GRKERNSEC_PROC_USER=y
CONFIG_GRKERNSEC_PROC_ADD=y
CONFIG_GRKERNSEC_LINK=y
CONFIG_GRKERNSEC_FIFO=y
CONFIG_GRKERNSEC_CHROOT=y
CONFIG_GRKERNSEC_CHROOT_MOUNT=y
CONFIG_GRKERNSEC_CHROOT_DOUBLE=y
CONFIG_GRKERNSEC_CHROOT_PIVOT=y
CONFIG_GRKERNSEC_CHROOT_CHDIR=y
CONFIG_GRKERNSEC_CHROOT_CHMOD=y
CONFIG_GRKERNSEC_CHROOT_FCHDIR=y
CONFIG_GRKERNSEC_CHROOT_MKNOD=y
CONFIG_GRKERNSEC_CHROOT_SHMAT=y
CONFIG_GRKERNSEC_CHROOT_UNIX=y
CONFIG_GRKERNSEC_CHROOT_FINDTASK=y
CONFIG_GRKERNSEC_CHROOT_NICE=y
CONFIG_GRKERNSEC_CHROOT_SYSCTL=y
CONFIG_GRKERNSEC_CHROOT_CAPS=y
CONFIG_GRKERNSEC_AUDIT_GROUP=y
CONFIG_GRKERNSEC_AUDIT_GID=100
CONFIG_GRKERNSEC_AUDIT_MOUNT=y
CONFIG_GRKERNSEC_FORKFAIL=y
CONFIG_GRKERNSEC_PROC_IPADDR=y
CONFIG_GRKERNSEC_EXECVE=y
CONFIG_GRKERNSEC_DMESG=y
CONFIG_GRKERNSEC_TPE=y
CONFIG_GRKERNSEC_TPE_ALL=y
CONFIG_GRKERNSEC_TPE_INVERT=y
CONFIG_GRKERNSEC_TPE_GID=1000
CONFIG_GRKERNSEC_RANDNET=y
CONFIG_GRKERNSEC_BLACKHOLE=y
CONFIG_GRKERNSEC_SOCKET=y
CONFIG_GRKERNSEC_SOCKET_ALL=y
CONFIG_GRKERNSEC_SOCKET_ALL_GID=1111
CONFIG_GRKERNSEC_SOCKET_CLIENT=y
CONFIG_GRKERNSEC_SOCKET_CLIENT_GID=1112
CONFIG_GRKERNSEC_SOCKET_SERVER=y
CONFIG_GRKERNSEC_SOCKET_SERVER_GID=1113
CONFIG_GRKERNSEC_SYSCTL=y
CONFIG_GRKERNSEC_SYSCTL_ON=y
CONFIG_GRKERNSEC_FLOODTIME=10
CONFIG_GRKERNSEC_FLOODBURST=4
|
don't forget to set your gid's _________________ "bo kto ma racje ? ten kto z bliska zobaczy"
"moge nie wiedziec,wchlaniam niewiedze z malych torebek"
http://i12.tinypic.com/4pow0mu.png
http://userbar.tgr.debil.eu/userbar.jpg |
|
Back to top |
|
|
bendeguz Apprentice
Joined: 10 Feb 2010 Posts: 189
|
Posted: Mon May 24, 2010 9:57 am Post subject: |
|
|
I have issues with pax, so i disabled it from kernel, and I try adding the features one-by-one to see what's causing problems. |
|
Back to top |
|
|
|