From: Ned Ludd
To: gentoo-hardened@lists.gentoo.org
Subject: Re: [gentoo-hardened] Profile switch: hardened to non-hardened?
Date: Mon, 29 Dec 2008 21:52:16 -0800

On Mon, 2008-12-29 at 17:05 -0800, Grant wrote:
> >> What else would you recommend for me?
> >
> > I'd suggest to completely ignore the grsec (low/med/high) options and
> > use the Hardened Gentoo level in the hardened-sources all the time.
> >
> > Xorg should not cause problems unless you are stuck using 3rd party
> > binary drivers. Most of us are using a hardened X setup.
>
> Excellent, thank you. You think the "Hardened Gentoo (workstation)"
> and "Hardened Gentoo (server)" grsecurity setups are adequate
> low-maintenance solutions?

Re: "low maintenance"
I'm not sure we can dumb down the hardening efforts any more than we
already have. It's all pretty transparent and seems mostly like a normal
install of anything else. The ELFs are just smarter.

> What does a hardened profile do for my server?

Enables things to match the kernel options/blocks things that conflict.