Questions tagged [grsecurity]

A set of Linux kernel security-oriented patches implementing, among others, least privilege control for memory pages and other resources.

Grsecurity can be viewed as an extra way of hardening Linux kernel with in mind. An official guide to grsecurity can be found at https://en.wikibooks.org/wiki/Grsecurity.

Grsecurity's authors do not accept the mainstream Linux development approach of writing Linux Security Modules (LSMs) (, , TOMOYO, etc.).

7 questions
13
votes
2 answers

concrete real-life examples where grsecurity prevented an exploit

From theoretical point of view, grsecurity kernel patch looks like a great hardening tool. Most importantly, PaX seems like a good idea. Do these theoretical advantages have indeed practical effect in preventing malware attack/exploits/rootkits…
Martin Vegter
  • 1,826
  • 4
  • 27
  • 39
13
votes
2 answers

Is server hardening with grsecurity really necessary on the CentOS 6.3 environment?

I consider myself to be reasonably good with IT, however I am relatively fresh at server and system administration. I am a web developer for my company and I have been charged with setting up and migrating to a new VPS to get away from the shared…
Pierce
  • 233
  • 2
  • 8
5
votes
1 answer

How does reuse attack protection (RAP) work?

The grsecurity folks just released a test patch for the 4.5 Linux kernel which includes Return Address Reuse Attack Protection or RAP, a protection technique against return-oriented programming (ROP). Their slides are beyond comprehension for me at…
jotik
  • 221
  • 1
  • 7
3
votes
1 answer

What is KSPP (Kernel self-protection project)?

What is KSPP? I saw it being compared to and called a competitor to grsecurity, but I can't find a patch or Git repository to download. Is it just an idea/manifesto or something real, with a concrete patch/repository …
Vi.
  • 219
  • 2
  • 10
2
votes
1 answer

Are grsecurity kernels available through Arch and Gentoo repos suitable for production?

From grsecurity announce (August 26, 2015): The test series, unfit in our view for production use, will however continue to be available to the public to avoid impact to the Gentoo Hardened and Arch Linux communities Does versions available…
olmstad
  • 123
  • 3
1
vote
0 answers

Sandboxing applications and files in Debian & GrSecurity

I'm about to switch from Linux Mint to Debian. But before doing that I'm still looking into a few things to secure Debian. 1) The first thing I want is a kind of 'sandboxing' technology. This to separate/protect Firefox from the rest of my system,…
O'Niel
  • 2,740
  • 3
  • 17
  • 28
0
votes
1 answer

Restrict privileged users from accessing certain directories on Linux servers with Grsecurity?

My question is similar to these: Protect sensitive data from sysadmin prying eyes Restrict access to a specific directory on Linux From those, I understand that SELinux could accomplish my goal. But we do not have the resources to use SELinux,…
MountainX
  • 340
  • 4
  • 13