From 7f52a0acea5d766c0c25997df1dd907162db0407 Mon Sep 17 00:00:00 2001
From: Silvio Rhatto
Date: Sun, 17 Jan 2021 14:32:44 -0300
Subject: Fix: remove old, incomplete research
---
research/hardened.md | 44 --------------------------------------------
1 file changed, 44 deletions(-)
delete mode 100644 research/hardened.md
(limited to 'research/hardened.md')
diff --git a/research/hardened.md b/research/hardened.md
deleted file mode 100644
index f59a43e..0000000
--- a/research/hardened.md
+++ /dev/null
@@ -1,44 +0,0 @@
-[[!meta title="Hardened OS"]]
-[[!tag research hardened grsecurity security]]
-
-grsecurity
-----------
-
-Basic install:
-
- sudo apt-get -t jessie-backports install linux-image-4.9.0-2-grsec-amd64 linux-image-grsec-amd64
- sudo apt-get install paxtest
- sudo usermod -aG grsec-tpe `whoami`
-
-As root:
-
- echo "kernel.grsecurity.rwxmap_logging = 0" > /etc/sysctl.d/kernel.grsecurity.rwxmap_logging.conf
- echo "kernel.grsecurity.grsec_lock = 1" > /etc/sysctl.d/kernel.grsecurity.grsec_lock.conf
-
-As regular user, after reboot:
-
- paxctl -cm /usr/bin/git-annex
- paxctl -cm /usr/bin/qemu-img
- paxctl -cm /usr/bin/qemu-system-x86_64
-
-Further research
------------------
-
-LXC unprivileged containers for GUI applications:
-
-* [LXC 1.0: GUI in containers [9/10] | Stéphane Graber's website](https://stgraber.org/2014/02/09/lxc-1-0-gui-in-containers/).
-* [Configuring Unprivileged LXC containers in Debian Jessie](https://myles.sh/configuring-lxc-unprivileged-containers-in-debian-jessie/).
-* [LXC - Debian Wiki](https://wiki.debian.org/LXC).
-
-References
-----------
-
-* https://micahflee.com/2016/01/debian-grsecurity/
-* https://nixaid.com/grsec-in-docker/
-* https://hardenedlinux.github.io/
-* https://packages.debian.org/stretch/bubblewrap
-* https://packages.debian.org/stretch/runc
-* https://github.com/projectatomic/bubblewrap
-* https://github.com/opencontainers/runc
-* https://github.com/thestinger/playpen
-* https://github.com/omegaup/minijail
-- 
cgit v1.2.3