Enhancing kernel security with grsecurity

Filed under
HowTos

Is your server as secure as it could be? Sure, you use a firewall, mandate strong passwords, and patch regularly. You even take a proactive approach by performing security audits with tools such as nmap and Nessus. Yet you may still be vulnerable to zero-day exploits and privilege escalation attacks. If these possibilities keep you awake at night, you're not alone. The sleepless folks with the grsecurity project have developed an easy-to-use set of security enhancements to help put your fears to rest.

To say that grsecurity provides many enhancements is an understatement. There are more than 30 options to choose from after installation.

Take note that grsecurity requires the use of a vanilla kernel from www.kernel.org. The kernel source supplied by your distribution's vendor has most likely been patched beyond recognition to grsecurity. With that caveat in mind, installation is simple.

Full Story.