Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
Grsecurity problem
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
leonchik1976
Tux's lil' helper
Tux's lil' helper


Joined: 24 Jan 2010
Posts: 92

PostPosted: Fri May 21, 2010 3:15 pm    Post subject: Grsecurity problem Reply with quote

if i set CONFIG_GRKERNSEC_CUSTOM=y the system boots find, but if i set CONFIG_GRKERNSEC_HARDENED_SERVER=y
the system doens't boot, and gives a lot of error from kernel.
anyone faced this problem?
Back to top
View user's profile Send private message
nixnut
Bodhisattva
Bodhisattva


Joined: 09 Apr 2004
Posts: 10974
Location: the dutch mountains

PostPosted: Fri May 21, 2010 4:14 pm    Post subject: Reply with quote

Moved from Installing Gentoo to Networking & Security.
Not about getting gentoo installed.
_________________
Please add [solved] to the initial post's subject line if you feel your problem is resolved. Help answer the unanswered

talk is cheap. supply exceeds demand
Back to top
View user's profile Send private message
tgR10
Apprentice
Apprentice


Joined: 23 Oct 2007
Posts: 262
Location: caly ten ambaras

PostPosted: Fri May 21, 2010 6:40 pm    Post subject: Reply with quote

had similar problem like 2 years ago ... don't remember what was the problem exactly, but if i remember corectly the kernel restricted itself to do some stuff ...
try those options, and check if it boots, then try to tune it up for your needs
i'm using "custom security level" since then, never had any problem (exept vmware - but it's a different story)


Code:
CONFIG_GRKERNSEC=y
CONFIG_GRKERNSEC_CUSTOM=y
CONFIG_GRKERNSEC_PROC_MEMMAP=y
CONFIG_GRKERNSEC_BRUTE=y
CONFIG_GRKERNSEC_HIDESYM=y
CONFIG_GRKERNSEC_ACL_HIDEKERN=y
CONFIG_GRKERNSEC_ACL_MAXTRIES=3
CONFIG_GRKERNSEC_ACL_TIMEOUT=30
CONFIG_GRKERNSEC_PROC=y
CONFIG_GRKERNSEC_PROC_USER=y
CONFIG_GRKERNSEC_PROC_ADD=y
CONFIG_GRKERNSEC_LINK=y
CONFIG_GRKERNSEC_FIFO=y
CONFIG_GRKERNSEC_CHROOT=y
CONFIG_GRKERNSEC_CHROOT_MOUNT=y
CONFIG_GRKERNSEC_CHROOT_DOUBLE=y
CONFIG_GRKERNSEC_CHROOT_PIVOT=y
CONFIG_GRKERNSEC_CHROOT_CHDIR=y
CONFIG_GRKERNSEC_CHROOT_CHMOD=y
CONFIG_GRKERNSEC_CHROOT_FCHDIR=y
CONFIG_GRKERNSEC_CHROOT_MKNOD=y
CONFIG_GRKERNSEC_CHROOT_SHMAT=y
CONFIG_GRKERNSEC_CHROOT_UNIX=y
CONFIG_GRKERNSEC_CHROOT_FINDTASK=y
CONFIG_GRKERNSEC_CHROOT_NICE=y
CONFIG_GRKERNSEC_CHROOT_SYSCTL=y
CONFIG_GRKERNSEC_CHROOT_CAPS=y
CONFIG_GRKERNSEC_AUDIT_GROUP=y
CONFIG_GRKERNSEC_AUDIT_GID=100
CONFIG_GRKERNSEC_AUDIT_MOUNT=y
CONFIG_GRKERNSEC_FORKFAIL=y
CONFIG_GRKERNSEC_PROC_IPADDR=y
CONFIG_GRKERNSEC_EXECVE=y
CONFIG_GRKERNSEC_DMESG=y
CONFIG_GRKERNSEC_TPE=y
CONFIG_GRKERNSEC_TPE_ALL=y
CONFIG_GRKERNSEC_TPE_INVERT=y
CONFIG_GRKERNSEC_TPE_GID=1000
CONFIG_GRKERNSEC_RANDNET=y
CONFIG_GRKERNSEC_BLACKHOLE=y
CONFIG_GRKERNSEC_SOCKET=y
CONFIG_GRKERNSEC_SOCKET_ALL=y
CONFIG_GRKERNSEC_SOCKET_ALL_GID=1111
CONFIG_GRKERNSEC_SOCKET_CLIENT=y
CONFIG_GRKERNSEC_SOCKET_CLIENT_GID=1112
CONFIG_GRKERNSEC_SOCKET_SERVER=y
CONFIG_GRKERNSEC_SOCKET_SERVER_GID=1113
CONFIG_GRKERNSEC_SYSCTL=y
CONFIG_GRKERNSEC_SYSCTL_ON=y
CONFIG_GRKERNSEC_FLOODTIME=10
CONFIG_GRKERNSEC_FLOODBURST=4

don't forget to set your gid's
_________________
"bo kto ma racje ? ten kto z bliska zobaczy"
"moge nie wiedziec,wchlaniam niewiedze z malych torebek"
http://i12.tinypic.com/4pow0mu.png
http://userbar.tgr.debil.eu/userbar.jpg
Back to top
View user's profile Send private message
bendeguz
Apprentice
Apprentice


Joined: 10 Feb 2010
Posts: 184

PostPosted: Mon May 24, 2010 9:57 am    Post subject: Reply with quote

I have issues with pax, so i disabled it from kernel, and I try adding the features one-by-one to see what's causing problems.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum