Master's Student: A Quick and Dirty Guide To Kernel Hardening with GrSecurity
1 - 2 min read
Dec 20, 2007
The combination of the Linux kernel and GNU packages has always been regarded as a secure operating system, but can it be more secure? Kernel hardening is the answer to tightening up the Linux backbone. GrSecurity, a kernel patch for Linux, is one of the more popular approaches...
One of the most significant feature is the addition of a role-based access control system (RBAC) that monitors what each user can execute based on their role and denies execution if they overstep their pre-defined rules.
By: Gian G. Spicuzza ; www.8ciphers.com
The combination of the Linux kernel and GNU packages has always been regarded as a secure operating system, but can it be more secure? Kernel hardening is the answer to tightening up the Linux backbone. GrSecurity, a kernel patch for Linux, is one of the more popular approaches. After applying this patch and compiling a fresh kernel, your system will have a plethora of new security features.
The most significant feature is the addition of a role-based access control system (RBAC) that monitors what each user can execute based on their role and denies execution if they overstep their pre-defined rules. Other useful features include ip-based rules, extensive chroot restrictions, address space modification restrictions (PaX), auditing/logging features and /proc and dmesg anti-leak features. A full feature list can be found at the Grsecurity homepage.
Installing Grsecurity:
First we need to download the Linux kernel and Grsec patch.
$ wget $ wgetFor your convenience, the PGP keys are located at:
https://grsecurity.net/spender-gpg-key.asc
.sign
Move the kernel and patch into the /usr/src directory.
$ su -cThe link for this article located at www.8ciphers.com is no longer available.
