Grsecurity Patched Kernel Install Script For Redhat based Pentium 4 servers

After a lil work getting the config right for s hosting/shell server I finally came up with the script that will patch, compile, and install the gresecurity patched kernel. You just run the shell script and it will download the kernel and patch, patch the kernel, download the config, and then compile and install.
The config I got made up is for Pentium4/Xeon/Celeron based servers. It includes all necessary option for an average pentium based server with single processor. The grsecurity level is set to low along with proc restrictions where users can see only their processes, I find the proc restrictions more of a convenience then actual security procedure because shell users do not have to go through all the processes to find theirs nor do they have to do ps -u so it is a pretty handy feature.
All xtables, iptables, and such are enabled. Lots of generic options are selected but nothing that is not needed by at least some machines.
I have ran this script successfully on a fedora and 2 centos servers and it done just fine. As far as stricter security options and pax goes a lot of them do not work well with your typical hosting server. The way it is now it is very secure and protected against local exploits while stoill being totaly functional and not over restrictive.
To get instructions on running this go here
http://www.evolution-security.com/modules.php?name=News&file=article&sid=298
Nobody should have any problems what so ever if you are running a pentium 4 based single cpu server with 512mb-2gb ram. Let me know if anyone has any problems or needs any help.
I figured quite a few people could find this handy, not just beginners but for busy admins who do not have the time to do all this and sit and watch it. It is nothing but a simple sh script, there is no shellcode or any other code involved.
-
- felosi's blog
- Login or register to post comments
Printer-friendly version
- 3369 reads
PDF version
More in Tux Machines
- Highlights
- Front Page
- Latest Headlines
- Archive
- Recent comments
- All-Time Popular Stories
- Hot Topics
- New Members
How to Run Android Apps and Games on Linux
Want to run Android apps on Linux? How about play Android games? Several options are available, but the one that works the best is Anbox, a useful tool that runs your favorite Android apps on Linux without emulation.
Here’s how to get it up and running on your Linux PC today.
| SUSE: openSUSE Tumbleweed and SUSE in HPC
|
OPNsense 18.1.6
For more than 3 years now, OPNsense is driving innovation through modularising and hardening the code base, quick and reliable firmware upgrades, multi-language support, fast adoption of upstream software updates as well as clear and stable 2-Clause BSD licensing.
| Turris MOX is a Modular & Open Source Router
A company from the Czech Republic is trying to raise money to bring a modular and open source router to the public. It has a number of features that can’t be found in the current line up of routers available for purchase.
|
Recent comments
2 hours 5 min ago
4 hours 32 sec ago
4 hours 1 min ago
4 hours 2 min ago
4 hours 2 min ago
8 hours 15 min ago
16 hours 13 min ago
16 hours 24 min ago
23 hours 17 min ago
2 days 1 hour ago