
Grsecurity

75% developed
From Wikibooks, open books for an open world

grsecurity is a set of patches for the Linux kernel with an emphasis on enhancing security. Among other things, it allows the system administrator to define a least-privilege policy for the system, in which every process and user has only the lowest privileges needed to function.

This book is intended as a comprehensive, up-to-date user guide to setting up and administering a grsecurity-enabled system.

Table of Contents


Introduction

Overview 100% developed  as of July 02, 2010
Terminology 100% developed  as of July 28, 2013
How to Contribute 100% developed  as of July 28, 2013

Installation

Obtaining Required Components 100% developed  as of Jul 24, 2009
Downloading grsecurity
Downloading gradm
Downloading the Linux Kernel
Verifying the Downloads
Configuring and Installing grsecurity 100% developed  as of Jan 02, 2010
Patching Your Kernel with grsecurity
Configuring the Kernel
Compiling and Installing the Kernel

Administration

The Administration Utility (gradm) 75% developed  as of Jul 23, 2009
Installation
Usage
Learning Mode
Additional Utilities 75% developed  as of Jul 23, 2009
Controlling PaX Flags (paxctl)
Displaying Program Capabilities (pspax)
Managing the Executable Stack of Binaries (execstack)
Runtime Configuration Through sysctl 100% developed  as of Jul 23, 2009
Troubleshooting

Policy Configuration

The RBAC System in grsecurity 75% developed  as of Jan 02, 2010
What Is an RBAC System?
Limitations of any Access Control System 25% developed  as of Sept 18, 2009
Policy Structure 100% developed  as of Jan 02, 2010
Rules for Policies 25% developed  as of Sept 18, 2009
Roles 75% developed  as of Sept 14, 2009
Subjects 50% developed  as of Nov 10, 2013
Domains 100% developed  as of Jan 02, 2010
Capability Restrictions 75% developed  as of Sept 13, 2009
Resource Restrictions 75% developed  as of Jan 02, 2010
Socket Policies 75% developed  as of Sept 13, 2009
PaX Flags 100% developed  as of Sept 13, 2009
Flow of Matches 75% developed  as of Sept 13, 2009
Policy Recommendations 25% developed  as of Sept 13, 2009
Sample Policies 50% developed  as of Sept 13, 2009

Application-specific Settings

ATI Catalyst (fglrx)
cPanel jailshell
Firefox/Iceweasel
Google Chrome
Grub
GUFW/UFW firewalls or Update Manager
IOQuake3
ISC DHCP Server
Java
Nagios
Node.js
Openoffice.org
PHP and other applications that set their own resource limits
X.org

Reporting Bugs

Reporting bugs 75% developed  as of Sept 27, 2009
Contacts
Requirements

Appendix


Lists

Grsecurity and PaX Configuration Options 100% developed  as of Jul 23, 2009

Tables

Role Modes 100% developed  as of Sept 11, 2009
Role Attributes 100% developed  as of Sept 11, 2009
Subject Modes 100% developed  as of Sept 12, 2009
Subject Attributes 100% developed  as of Sept 12, 2009
Object Modes 100% developed  as of Sept 13, 2009
PaX Flags 100% developed  as of Jul 24, 2009
Capability Names and Descriptions 100% developed  as of Jul 24, 2009
System Resources 100% developed  as of Sept 11, 2009
Sysctl Options 100% developed  as of Jul 28, 2013

Credits and Permissions


See Credits and Permissions for details about copyright and references of this document.
