blob: 15acd1720dcb48835913ce573028daddfc5de91d (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
|
[[!meta title="Hardened OS"]]
grsecurity
----------
Basic install:
sudo apt-get -t jessie-backports install linux-image-4.9.0-2-grsec-amd64 linux-image-grsec-amd64
sudo apt-get install paxtest
sudo usermod -aG grsec-tpe `whoami`
As root:
echo "kernel.grsecurity.rwxmap_logging = 0" > /etc/sysctl.d/kernel.grsecurity.rwxmap_logging.conf
echo "kernel.grsecurity.grsec_lock = 1" > /etc/sysctl.d/kernel.grsecurity.grsec_lock.conf
As regular user, after reboot:
paxctl -cm /usr/bin/git-annex
paxctl -cm /usr/bin/qemu-img
paxctl -cm /usr/bin/qemu-system-x86_64
References
----------
* https://micahflee.com/2016/01/debian-grsecurity/
* https://nixaid.com/grsec-in-docker/
* https://hardenedlinux.github.io/
|