Posted: Sun Apr 12, 2015 1:58 pm
Post subject: Commands not completing with hardened kernel
Executive summary: Switched to hardened-sources and after about 24 hours commands wouldn't complete.
In an effort to improve security I recently switched my server from a normal kernel to hardened-sources-3.18.9. All seemed well for about 24 hours: my services ran fine and I could log in and use emerge without any problems. Then suddenly I got a weird problem whereby the command prompt would not re-appear after a command was run. To be clear: I could still log in either on the console or via ssh. I would get a prompt after login and I might then type - for example - 'ls'. The ls command would run correctly, but no command prompt would appear afterwards. Ctrl-C and Ctrl-D made no difference. All my services still seemed to be running OK (nfsd, Asterisk, Apache, DNS etc.) although mythfrontend started to complain, and my KVM VM was also still running OK. Finally I had to reboot back to a normal kernel.
I would like to go back to hardened if possible. Testing this issue is going to be a bit tricky as this is our main house server and any problems with it tend to produce domestic unhappiness! The delay between booting and seeing the problem is also a bit of an issue. If I set the machine running and go to work and then it packs in I could be in trouble (I can't do remote admin from work).
When choosing kernel settings I selected the following grsecurity options:
Virtualization Hardware First-Gen
Virtualization Software KVM
The machine is an Athlon 64 3200+. My KVM client also runs the same hardened kernel, but obviously with some different options and it has worked just fine for ages.
Has anyone come across anything like this before?