Grsecurity

From Wikibooks, the open-content textbooks collection
Jump to: navigation, search
Wikipedia-logo.png

Wikipedia has related information at PaX

grsecurity is a set of patches for the Linux kernel with an emphasis on enhancing security. It allows the system administrator to, among other things, define a least privilege policy for the system, in which every process and user have only the lowest privileges needed to function.

This book is intended as a comprehensive up-to-date user guide about setting up and administrating a grsecurity-enabled system.


Wikibook Development Stages
Sparse text 00%.svg Developing text 25%.svg Maturing text 50%.svg Developed text 75%.svg Comprehensive text: 100%.svg


Contents

[edit] Introduction

Overview 100% developed  as of Jul 02, 2010
Terminology 25% developed  as of Jul 24, 2009

[edit] Installation

Obtaining Required Components 100% developed  as of Jul 24, 2009
Downloading grsecurity
Downloading gradm
Downloading the Linux Kernel
Verifying the Downloads
Configuring and Installing grsecurity 100% developed  as of Jan 02, 2010
Patching Your Kernel with grsecurity
Configuring the Kernel
Compiling and Installing the Kernel

[edit] Administration

The Administration Utility (gradm) 75% developed  as of Jul 23, 2009
Installation
Usage
Learning Mode
Additional Utilities 75% developed  as of Jul 23, 2009
Controlling PaX Flags (paxctl)
Displaying Program Capabilities (pspax)
Managing the Executable Stack of Binaries (execstack)
Runtime Configuration Through sysctl 100% developed  as of Jul 23, 2009
Auditing
Format of Log Messages

[edit] Policy Configuration

The RBAC System in grsecurity 75% developed  as of Jan 02, 2010
What Is an RBAC System?
Limitations of any Access Control System 25% developed  as of Sept 18, 2009
Policy Structure 100% developed  as of Jan 02, 2010
Rules for Policies 25% developed  as of Sept 18, 2009
Roles 75% developed  as of Sept 14, 2009
Domains 100% developed  as of Jan 02, 2010
Capability Restrictions 75% developed  as of Sept 13, 2009
Resource Restrictions 75% developed  as of Jan 02, 2010
Socket Policies 75% developed  as of Sept 13, 2009
PaX Flags 100% developed  as of Sept 13, 2009
Flow of Matches 75% developed  as of Sept 13, 2009
Policy Recommendations 25% developed  as of Sept 13, 2009
Sample Policies 50% developed  as of Sept 13, 2009

[edit] Application-specific Settings

Show full list / Add Application
Firefox/Iceweasel
IOQuake3
Java
Openoffice.org
X.org

[edit] Reporting Bugs

Reporting bugs 75% developed  as of Sept 27, 2009
Contacts
Requirements

[edit] Appendix

[edit] Lists

Grsecurity and PaX Configuration Options 100% developed  as of Jul 23, 2009

[edit] Tables

Role Modes 100% developed  as of Sept 11, 2009
Role Attributes 100% developed  as of Sept 11, 2009
Subject Modes 100% developed  as of Sept 12, 2009
Subject Attributes 100% developed  as of Sept 12, 2009
Object Modes 100% developed  as of Sept 13, 2009
PaX Flags 100% developed  as of Jul 24, 2009
Capability Names and Descriptions 100% developed  as of Jul 24, 2009
System Resources 100% developed  as of Sept 11, 2009
Sysctl Options 100% developed  as of Jul 23, 2009

[edit] Credits and Permissions

See Credits and Permissions for details about copyright and references of this document.

[edit] External Links

Retrieved from "http://en.wikibooks.org/wiki/Grsecurity"