Use grsecurity on critical machines!
Posted Dec 12, 2003 14:58 UTC (Fri) by emk (subscriber, #1128)
Parent article: Lessons from the Debian compromise
The grsecurity patch to the Linux kernel does two highly useful things:
1) It breaks most exploits by heavily randomizing memory layouts, PIDs, and anything else it can find to randomize. It also makes quite a few things non-executable, even on Intel architectures.
2) It optionally allows you to set up advanced role-based ACLs, which allow you to ruthlessly strip privileges away from various processes on your server. In particular, you can drop unneeded capabilities from root processes, prevent fork/exec of all but a specified list of executables, and hide all but a tiny part of the filesystem.
If you use grsecurity in addition to your regular system hardening, you can make life very difficult for the crackers.
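To make the second point concrete, here is an added example of what such a role-based policy looks like in grsecurity's RBAC policy language. It is not emk's code or anything shipped by the grsecurity project; the role name, the daemon path (/usr/sbin/httpd) and the directories are assumptions chosen to illustrate a hypothetical web server. It hides the whole filesystem, re-exposes only the handful of paths the daemon needs, allows fork/exec of nothing but the daemon's own binary, and strips every root capability except the one needed to bind a privileged port.

```text
# Added example policy, not from the original post. Paths and the role
# name are assumptions for a hypothetical web server.
role webserver u
subject /usr/sbin/httpd o {
	/			h	# hide everything by default ...
	/etc/httpd		r	# ... then expose only what is needed
	/var/www		r
	/var/log/httpd		wa	# its own logs: write/append only
	/lib			rx	# shared libraries must be mapped executable
	/usr/lib		rx
	/usr/sbin/httpd		x	# the only file this subject may exec

	-CAP_ALL			# drop every root capability ...
	+CAP_NET_BIND_SERVICE		# ... except binding ports below 1024

	bind 0.0.0.0/0:80 stream tcp	# may listen on 80 and 443 only
	bind 0.0.0.0/0:443 stream tcp
	connect disabled		# no outbound connections at all
}
```

Because every path not listed inherits the hidden mode of `/`, an attacker who gains code execution inside the daemon cannot exec a shell or even see that one exists, cannot open a reverse connection, and holds none of root's capabilities even if the process is running as UID 0. The policy is loaded with `gradm -E`; in practice one would start from grsecurity's learning mode and trim the generated rules rather than writing them from scratch.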
Posted Dec 13, 2003 7:58 UTC (Sat) by penguinroar (guest, #14460)
Intrusion detection is a harder nut to crack, since a too-vicious one will cry wolf too much. Some kind of self-check of the kernel against a hash that is only readable, and written once at boot, maybe?
Posted Dec 13, 2003 19:16 UTC (Sat) by giraffedata (guest, #1954)
Maybe, but that wouldn't be a lesson learned from this incident. The kernel wasn't modified. (The problem is that the cracker was able to read kernel memory).
I agree with the parent poster: it's time to harden the kernel a bit to keep ahead of the crackers. I don't mean that bugs should be downplayed, but having both belt and straps is, in my own opinion, a good thing. There are several implementations of hardened kernels, but I haven't seen any broad use of them yet.