Gentoo Forums
Hardening, upgrading kernel, and more
SxN
Apprentice


Joined: 08 Jan 2007
Posts: 165
Location: Toronto, ON, Canada

Posted: Mon Mar 23, 2015 1:20 am    Post subject: Hardening, upgrading kernel, and more

Hi All,

I have a working Gentoo 3.10.25, which I installed at the time as a desktop profile. It served me well, and it would continue so, except that I'm now a student, learning IT security, and the subject is SELinux.

So, it is time to harden the kernel. But, if I'm already there, ideally I would upgrade the kernel too.

I checked the net, found several tutorials, but got nowhere. At one point, in order to harden, I had to emerge gcc in the hardened profile, but then, it failed because "SELinux module not found". When trying to emerge SELinux, I found two policies, one is selinux-nx, one selinux-wm. What are these?

In trying to find the answer online, I stumbled over this site: http://www.calculate-linux.org/packages/sec-policy. Are these policies for certain software modules/applications?

So, bottom line, can I do an upgrade of my kernel with a hardened version? I downloaded stage3-amd64-hardened-20150319.tar.bz2, but how do I take advantage of it?

Any pointers are welcome.

Thanks,
SxN


Last edited by SxN on Mon Mar 23, 2015 1:45 pm; edited 1 time in total
N8Fear
Tux's lil' helper


Joined: 15 Apr 2013
Posts: 140
Location: Berlin (Germany)

Posted: Mon Mar 23, 2015 8:30 pm    Post subject: (none)

I think you throw quite a bunch of things together here. I would propose you do your hardening in the following order:
1. Switch to hardened NON-SELinux profile, rebuild gcc, your libc (I presume glibc) and binutils, and world afterwards (likely it would be enough to rebuild @system and rebuild @world after switching to the SELinux-enabled profile - this may leave fewer packages to rebuild, at the cost of a likely unusable desktop during the process).
2. Update kernel (possibly switching to hardened sources and PaX&grsecurity - though this is NOT required).
3. Switch your system to SELinux following this guide: https://wiki.gentoo.org/wiki/SELinux/Installation

If you try to mix these steps you're likely going to experience all kinds of breakage and pain ;-)
Option 2 would be to switch to SELinux on a non-hardened profile and possibly switch to a hardened SELinux profile afterwards. In any way you should finish switching to hardened before switching to SELinux or vice versa.
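
The ordering rule from the reply above (finish the hardened switch before the SELinux switch, or vice versa), sketched as a shell helper that only prints a plan and runs nothing. This is an added example, not part of either post; the profile names it is called with are constructed samples, and `emerge --emptytree @world` is an assumed way to carry out the "rebuild world" step.

```shell
#!/bin/sh
# Added example: guard a Gentoo profile switch so that the hardened
# toolchain change and the SELinux change are never made in one step.
# Profile names used with it are constructed samples, not from the thread.

# Print two 0/1 flags, "<hardened><selinux>", for a profile name.
profile_state() {
    h=0; s=0
    case "$1" in hardened/*|*/hardened/*|*/hardened) h=1 ;; esac
    case "$1" in */selinux|*/selinux/*) s=1 ;; esac
    echo "$h$s"
}

# Succeed only if moving from $1 to $2 changes at most one of the two axes.
single_step() {
    cur=$(profile_state "$1"); new=$(profile_state "$2")
    # ${x%?} is the hardened flag, ${x#?} is the SELinux flag.
    [ "${cur%?}" = "${new%?}" ] || [ "${cur#?}" = "${new#?}" ]
}

# Print the follow-up work for a permitted switch; refuse a mixed one.
plan_switch() {
    if ! single_step "$1" "$2"; then
        echo "refuse: $1 -> $2 changes hardened and SELinux together"
        return 1
    fi
    cur=$(profile_state "$1"); new=$(profile_state "$2")
    echo "eselect profile set $2"
    if [ "${cur%?}" != "${new%?}" ]; then
        # Hardened axis changed: toolchain first, then everything else.
        echo "emerge --oneshot sys-devel/gcc sys-libs/glibc sys-devel/binutils"
        # Assumption: --emptytree as the way to rebuild @world.
        echo "emerge --emptytree @world"
    elif [ "${cur#?}" != "${new#?}" ]; then
        # SELinux axis changed: the guide linked in the reply covers this.
        echo "follow https://wiki.gentoo.org/wiki/SELinux/Installation"
    fi
}
```

Calling `plan_switch` with the output of `eselect profile show` as the first argument and the intended profile as the second gives the plan for the live system.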
SxN
Apprentice


Joined: 08 Jan 2007
Posts: 165
Location: Toronto, ON, Canada

Posted: Tue Mar 24, 2015 1:10 pm    Post subject: (none)

Will try to follow these steps, thank you!

SxN
All times are GMT