Adds research/hardened

author: Silvio Rhatto <rhatto@riseup.net> 2017-04-18 20:28:48 -0300
committer: Silvio Rhatto <rhatto@riseup.net> 2017-04-18 20:28:48 -0300
commit: 2a26a582b5217524a82bb47646f470fb82e8a419 (patch)
tree: 3402c16c094772f9ab8607968c3dff6c20a866b1 /research
parent: d63dd8215b71ee2653f44467525b9943493a8b3a (diff)
download: blog-2a26a582b5217524a82bb47646f470fb82e8a419.tar.gz
blog-2a26a582b5217524a82bb47646f470fb82e8a419.tar.bz2
1 files changed, 28 insertions, 0 deletions
diff --git a/research/hardened.mdwn b/research/hardened.mdwn
new file mode 100644
index 0000000..15acd17
--- /dev/null
+++ b/research/hardened.mdwn
@@ -0,0 +1,28 @@
+[[!meta title="Hardened OS"]]
+
+grsecurity
+----------
+
+Basic install:
+
+    sudo apt-get -t jessie-backports install linux-image-4.9.0-2-grsec-amd64 linux-image-grsec-amd64
+    sudo apt-get install paxtest
+    sudo usermod -aG grsec-tpe `whoami`
+
+As root:
+
+    echo "kernel.grsecurity.rwxmap_logging = 0" > /etc/sysctl.d/kernel.grsecurity.rwxmap_logging.conf 
+    echo "kernel.grsecurity.grsec_lock = 1"     > /etc/sysctl.d/kernel.grsecurity.grsec_lock.conf
+
+As regular user, after reboot:
+
+    paxctl -cm /usr/bin/git-annex
+    paxctl -cm /usr/bin/qemu-img
+    paxctl -cm /usr/bin/qemu-system-x86_64
+
+References
+----------
+
+* https://micahflee.com/2016/01/debian-grsecurity/
+* https://nixaid.com/grsec-in-docker/
+* https://hardenedlinux.github.io/
author	Silvio Rhatto <rhatto@riseup.net>	2017-04-18 20:28:48 -0300
committer	Silvio Rhatto <rhatto@riseup.net>	2017-04-18 20:28:48 -0300
commit	2a26a582b5217524a82bb47646f470fb82e8a419 (patch)
tree	3402c16c094772f9ab8607968c3dff6c20a866b1 /research
parent	d63dd8215b71ee2653f44467525b9943493a8b3a (diff)
download	blog-2a26a582b5217524a82bb47646f470fb82e8a419.tar.gz blog-2a26a582b5217524a82bb47646f470fb82e8a419.tar.bz2