Gentoo Forums
No "server" profile...
mattg889
n00b


Joined: 07 Nov 2012
Posts: 21

Posted: Thu Feb 28, 2013 2:14 am    Post subject: No "server" profile...

Hi, I am trying to install Gentoo on my HP DL360 G5 server. I am doing the installation with "systemrescuecd" because the Gentoo 64bit minimal disk does not work with my network cards.
I am following the "Gentoo Linux x86 Quick Install Guide" just with the amd64 stage 3.
I can get to the point of selecting my profile with no problems at all. But now when I enter the command "eselect profile list" this is the output:

[1] default/linux/amd64/13.0
[2] default/linux/amd64/13.0/selinux
[3] default/linux/amd64/13.0/desktop
[4] default/linux/amd64/13.0/desktop/gnome
[5] default/linux/amd64/13.0/desktop/kde
[6] default/linux/amd64/13.0/developer
[7] default/linux/amd64/13.0/no-multilib
[8] default/linux/amd64/13.0/x32
[9] hardened/linux/amd64
[10] hardened/linux/amd64/selinux
[11] hardened/linux/amd64/no-multilib
[12] hardened/linux/amd64/no-multilib/selinux
[13] hardened/linux/uclibc/amd64

I want to set this up as a server but I don't see any server option. I was expecting to see "default/linux/amd64/13.0/server" in the list.

Did I miss something?
Jaglover
Advocate


Joined: 29 May 2005
Posts: 4657
Location: Saint Amant, Acadiana

Posted: Thu Feb 28, 2013 2:30 am

No worries, just go with default/linux/amd64/13.0, profile is nothing but a starting point anyway.
_________________
Please learn how to denote units correctly!
mattg889
n00b


Joined: 07 Nov 2012
Posts: 21

Posted: Thu Feb 28, 2013 3:14 am

Sorry to be a pain, but I would like to see if I can figure out why the server profile isn't showing up. If I understand it right, the profiles pre-set all the use flags and a bunch of other settings. Using the "starting point" profile would require me to find out what settings are missing and/or wrong. And I must admit, I am not exactly a Linux expert...
Any other ideas?
cach0rr0
Moderator


Joined: 13 Nov 2008
Posts: 4121
Location: Houston, Republic of Texas

Posted: Thu Feb 28, 2013 10:07 am

server profile is gone/deprecated/dead I believe

if you're going to roll a server, go with

Code:

  [9]   hardened/linux/amd64 *


that doesn't mean you're going to be rolling with a hardened kernel, or anything of the sort. unless you want to be.
_________________
Lost configuring your system?
dump lspci -n here | see Pappy's guide | Link Stash
jody
Guru


Joined: 16 Oct 2007
Posts: 461
Location: Switzerland

Posted: Thu Feb 28, 2013 2:40 pm    Post subject: kernel configuration for PaX?

Hi

I also need to install Gentoo for a server. I used the profile
Code:
  [9]   hardened/linux/amd64 *


I tried to follow the Hardened Gentoo PaX Quickstart http://www.gentoo.org/proj/en/hardened/pax-quickstart.xml which I reached from "Introduction to Hardened Gentoo" http://www.gentoo.org/proj/en/hardened/primer.xml but I got stuck here:
Quote:
As stated, the PaX patches are bundled with Grsecurity, so the PaX configuration options are found under that menu in Security Options -> Grsecurity -> Customize Configuration -> PaX. You also have the option of selecting one of Grsecurity's preconfigured profiles at Security Options -> Grsecurity -> Configuration Method. These will give you a meaningful starting point configuration for PaX.

But in menuconfig the "Security options" does not have a sub item "Grsecurity".

Can anybody tell me what kernel options I have to choose for PaX (and PIE?)?

Thank You
Jody
mvaterlaus
Apprentice


Joined: 01 Oct 2010
Posts: 154
Location: Switzerland

Posted: Thu Feb 28, 2013 2:46 pm

jody wrote:

Can anybody tell me what kernel options I have to choose for PaX (and PIE?)?


I think you are using a gentoo-sources kernel and not a hardened-sources kernel. You need to have a hardened-sources kernel, because the hardened-sources are already patched with GRsecurity and PaX. If you want to use a gentoo-sources kernel or a vanilla kernel, you need to patch the kernel yourself.
jody
Guru


Joined: 16 Oct 2007
Posts: 461
Location: Switzerland

Posted: Thu Feb 28, 2013 3:18 pm

this is possible:
I just did 'emerge gentoo-sources'...
Now that you pointed that out:
I assume I have to emerge 'sys-kernel/hardened-sources', right?

Thanks
Jody
mvaterlaus
Apprentice


Joined: 01 Oct 2010
Posts: 154
Location: Switzerland

Posted: Thu Feb 28, 2013 3:41 pm

yeah, sys-kernel/hardened-sources is the right package to go. there are also pappy kernel seeds to start with a minimal default config.
mattg889
n00b


Joined: 07 Nov 2012
Posts: 21

Posted: Thu Feb 28, 2013 4:53 pm    Post subject: Oh I forgot...

I forgot to mention that I am trying to install my server as a headless server. No GUI. And I was planning on installing VirtualBox in headless mode. Is the "hardened/linux/amd64" profile still the best option?
krinn
Advocate


Joined: 02 May 2003
Posts: 4274

Posted: Thu Feb 28, 2013 5:26 pm

IMO the best profile is just [1] default/linux/amd64/13.0 (without looking into profiles to see the diff), but I expect the hardened profile to enable some hardened use flags and install must-have tools for hardened usage that you don't need/want for a server that will not run with a hardened kernel anyway, so you end up with garbage.

So, yep for me, cach0rr0's advice wasn't a good one.
cach0rr0
Moderator


Joined: 13 Nov 2008
Posts: 4121
Location: Houston, Republic of Texas

Posted: Thu Feb 28, 2013 10:45 pm

krinn wrote:
IMO the best profile is just [1] default/linux/amd64/13.0 (without looking into profiles to see the diff), but I expect the hardened profile to enable some hardened use flags and install must-have tools for hardened usage that you don't need/want for a server that will not run with a hardened kernel anyway, so you end up with garbage.

So, yep for me, cach0rr0's advice wasn't a good one.


only thing I can think of that it might enable that might have an impact - hardened GCC (upon rebuild)
looking at my entire system for things that use either the 'hardened' or 'pax_kernel' USE flag, all I see are:

Code:

vunnable amd64 # equery hasuse hardened
 * Searching for USE flag hardened ...
[IP-] [  ] app-admin/syslog-ng-3.3.5-r1:0
[IP-] [  ] dev-util/pkgconfig-0.28:0
[IP-] [  ] media-gfx/splashutils-1.5.4.4-r2:0
[IP-] [  ] sys-devel/gcc-4.6.3:4.6
[IP-] [  ] sys-libs/glibc-2.16.0:2.2
[IP-] [  ] x11-libs/gnome-pty-helper-0.34.2:0
vunnable amd64 # equery hasuse pax_kernel
 * Searching for USE flag pax_kernel ...
[IP-] [  ] dev-java/oracle-jre-bin-1.7.0.13:1.7
[IP-] [  ] dev-libs/libffi-3.0.12:0
[I--] [??] media-libs/mesa-9.1_rc1:0
[IP-] [  ] net-im/skype-4.1.0.20:0


only ones of these he would have on a headless server are gcc, glibc, pkgconfig, and syslog-ng - and the syslog-ng changes are very nice, even for a non-server setup, since it has filters that put things into different organized logs, rather than dumping everything into /var/log/messages. The above packages are from my laptop, which has a load of crap on it - so, yeah, he will not have these things on a server, and really the only thing changed is that my programs were built with "hardened" GCC.

that's not going to be a big broad sweeping change, but, you get SSP as an added bonus upon rebuilding GCC, and rebuilding subsequent packages should you so choose - SSP is not a bad thing on a server...

in other words, it is very unlikely to make any problematic changes, AND, "hardened GCC" has a small handful of benefits.
win/win IMHO

with hardened-sources you *do* get prompted to install gradm, but this is not installed by default, and, that's only if you use hardened-sources do you need that.
_________________
Lost configuring your system?
dump lspci -n here | see Pappy's guide | Link Stash
Hu
Watchman


Joined: 06 Mar 2007
Posts: 8990

Posted: Fri Mar 01, 2013 3:15 am

You are not required to use sys-kernel/hardened-sources to use the hardened profile. You are welcome to use a plain sys-kernel/gentoo-sources with the hardened profile. However, if you want to see the GRsecurity options, then using sys-kernel/hardened-sources is the easiest way to get them. In my opinion, a server is the place where you want to use hardened if you use it at all, since by definition it is offering service to external entities, some of which may be malicious.
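The distinction drawn in the thread (the Grsecurity/PaX menu only exists in a patched tree such as sys-kernel/hardened-sources, whatever profile is selected) can be checked from a kernel .config. The script below is an added example, not part of any post and not Gentoo project code; the function names and both sample configs are constructed for illustration, and the symbol names are the ones the grsecurity/PaX patch set uses.

```shell
#!/bin/sh
# Added example (not from the thread): classify a kernel .config as coming from a
# grsecurity/PaX-patched tree or not, and list which PaX features are enabled.

# pax_report FILE -> 0: Grsecurity and PaX both on; 1: absent or off; 2: unreadable
pax_report() {
    cfg=$1
    [ -r "$cfg" ] || { echo "cannot read $cfg"; return 2; }
    # A patched tree writes "CONFIG_X=y" or "# CONFIG_X is not set";
    # an unpatched tree (the menuconfig with no Grsecurity entry) has neither.
    if ! grep -Eq '^(# )?CONFIG_(GRKERNSEC|PAX)[ =]' "$cfg"; then
        echo "unpatched: no Grsecurity/PaX symbols in $cfg"
        return 1
    fi
    result=0
    for sym in GRKERNSEC PAX PAX_NOEXEC PAX_PAGEEXEC PAX_MPROTECT PAX_ASLR PAX_RANDMMAP; do
        if grep -qx "CONFIG_${sym}=y" "$cfg"; then
            echo "on   CONFIG_${sym}"
        else
            echo "off  CONFIG_${sym}"
            # Only the two top-level switches decide the overall verdict.
            case $sym in GRKERNSEC|PAX) result=1 ;; esac
        fi
    done
    return "$result"
}

# make_samples DIR: write two constructed configs (sample data, not real kernels)
make_samples() {
    printf '%s\n' 'CONFIG_64BIT=y' 'CONFIG_SECURITY=y' \
        '# CONFIG_SECURITY_SELINUX is not set' > "$1/gentoo-sources.config"
    printf '%s\n' 'CONFIG_64BIT=y' 'CONFIG_GRKERNSEC=y' 'CONFIG_PAX=y' \
        'CONFIG_PAX_NOEXEC=y' 'CONFIG_PAX_PAGEEXEC=y' 'CONFIG_PAX_MPROTECT=y' \
        'CONFIG_PAX_ASLR=y' '# CONFIG_PAX_RANDMMAP is not set' \
        > "$1/hardened-sources.config"
}

tmp=$(mktemp -d)
make_samples "$tmp"
pax_report "$tmp/gentoo-sources.config" || true
pax_report "$tmp/hardened-sources.config" || true
rm -rf "$tmp"
```

On an installed system, pass the config of the tree you are about to build, for example `pax_report /usr/src/linux/.config`.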