View previous topic :: View next topic |
Author |
Message |
SxN Apprentice
Joined: 08 Jan 2007 Posts: 165 Location: Toronto, ON, Canada
|
Posted: Mon Mar 23, 2015 1:20 am Post subject: Hardening, upgrading kernel, and more |
|
|
Hi All,
I have a working Gentoo 3.10.25, which I installed at the time as a desktop profile. It served me well, and it would continue so, except that I'm now a student, learning IT security, and the subject is SELinux.
So, it is time to harden the kernel. But, if I'm already there, ideally I would upgrade the kernel too.
I checked the net, found several tutorials, but got nowhere. At one point, in order to harden, I had to emerge gcc in the hardened profile, but then, it failed because "SELinux module not found". When trying to emerge SELinux, I found two policies, one is selinux-nx, one selinux-wm. What are these?
In trying to find the answer online, I stumbled over this site: http://www.calculate-linux.org/packages/sec-policy. Are these policies for certain software modules/applications?
So, bottom line, can I do an upgrade of my kernel with a hardened version? I downloaded stage3-amd64-hardened-20150319.tar.bz2, but how do I take advantage of it?
Any pointers are welcome.
Thanks,
SxN
Last edited by SxN on Mon Mar 23, 2015 1:45 pm; edited 1 time in total |
|
Back to top |
|
|
N8Fear Tux's lil' helper
Joined: 15 Apr 2013 Posts: 140 Location: Berlin (Germany)
|
Posted: Mon Mar 23, 2015 8:30 pm Post subject: |
|
|
I think you throw quite a bunch og things together here. I would propose you do your hardening in the following order:
1. switch to hardened NON-selinux profile, rebuild gcc, your lib c (I presume glibc) and binutils and world afterwards (likely it would be enough to rebuild @system and rebuild @world after switching to SELinux enabled profile - this may lead to some packages less to rebuild at the cost of a likely unusable desktop during the process).
2. Update kernel (possibly switching to hardened sources and PaX&grsecurity - though this is NOT required).
3. Switch your system to SELinux following this guide: https://wiki.gentoo.org/wiki/SELinux/Installation
If you try to mix these steps you're likely going to experience all kinds of breakage an pain
Option 2 would be to switch to SELinux on a non-hardened profile and possibly switch to a hardened SELinux profile afterwards. In any way you should finish switching to hardened before switching to SELinux or vice versa. |
|
Back to top |
|
|
SxN Apprentice
Joined: 08 Jan 2007 Posts: 165 Location: Toronto, ON, Canada
|
Posted: Tue Mar 24, 2015 1:10 pm Post subject: |
|
|
Will try to follow these steps, thank you!
SxN |
|
Back to top |
|
|
|
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
|