cd /usr/src
wget http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.17.11.tar.bz2
wget http://grsecurity.org/grsecurity-2.1.9-2.6.17.11-200608282236.patch.gz
tar -xjvf linux-2.6.17.11.tar.bz2
gunzip < default="0" requirements ="=">&1|grep reiserfsprogs
o xfsprogs 2.6.0 # xfs_db -V
o pcmciautils 004 # pccardctl -V
o quota-tools 3.09 # quota -V
o PPP 2.4.0 # pppd --version
o isdn4k-utils 3.1pre1 # isdnctrl 2>&1|grep version
o nfs-utils 1.0.5 # showmount --version
o procps 3.2.0 # ps --version
o oprofile 0.9 # oprofiled --version
o udev 081 # udevinfo -V
Kernel compilationroot@fast [~/support/linux-2.6.20/Documentation]# vi Changes
Basic tools:
automake
autocnf
binutils
bison
byac
cdecl
dev86
flex
gcc
gcc-c++
gdb
gettex
libtool
make
perl-CPAN
pkgconfig
python-devel
redhat-rpm-config
rpm-build
strace
texinfo
grsecurity
grsecurity is an innovative approach to security utilizing a multi-layered detection, prevention, and containment model. It is licensed under the GPL.
It offers among many other features:
- An intelligent and robust Role-Based Access Control (RBAC) system that can generate least privilege policies for your entire system with no configuration
- Change root (chroot) hardening
- /tmp race prevention
- Extensive auditing
- Prevention of arbitrary code execution, regardless of the technique used (stack smashing, heap corruption, etc)
- Prevention of arbitrary code execution in the kernel
- Randomization of the stack, library, and heap bases
- Kernel stack base randomization
- Protection against exploitable null-pointer dereference bugs in the kernel
- Reduction of the risk of sensitive information being leaked by arbitrary-read kernel bugs
- A restriction that allows a user to only view his/her processes
- Security alerts and audits that contain the IP address of the person causing the alert
No comments:
Post a Comment