From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([69.77.167.62] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1LHT37-0000h1-4F for garchives@archives.gentoo.org; Tue, 30 Dec 2008 01:05:34 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 97D6EE035B; Tue, 30 Dec 2008 01:05:31 +0000 (UTC) Received: from mail-bw0-f12.google.com (mail-bw0-f12.google.com [209.85.218.12]) by pigeon.gentoo.org (Postfix) with ESMTP id 2CF11E035B for ; Tue, 30 Dec 2008 01:05:31 +0000 (UTC) Received: by bwz5 with SMTP id 5so6856654bwz.10 for ; Mon, 29 Dec 2008 17:05:30 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to :subject:in-reply-to:mime-version:content-type :content-transfer-encoding:content-disposition:references; bh=I4NH4grpEOshqkeAWDw+GPG11hM3ne+BeDf+dHQfJfY=; b=SfaynVrrqolBifa4wwy1EiP+zs5JXC51nP/+0mUZ9iI5el3fuZvwK9XWHOtG5yopJF OUgHhRevFymMKwAVqYzXCRKPmzlvB/2JUbBVrRttla0CUC7Rj0/1+/BkiVcNcK89hPne FYZ2qupRauxaUTJ5TfJfZ3BdI65U2Jd3uOs9Q= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:in-reply-to:mime-version :content-type:content-transfer-encoding:content-disposition :references; b=r7ZqzKRqOkYB5YglFbHfN5I1TVi2J8VKkwEZPnV2ZzHKb4NpugjBzZrknwVA+HpQ5j WgfguGrqKn3hj3g+5jQ/UdhhLNF2v05bcHl6WncoThYNfXZjcMyY67wAkvZZhkuuD/HY XU8MPUXh1ibEKmzecEVwlmjdU/s7TPV8LYwcE= Received: by 10.180.241.8 with SMTP id o8mr5424700bkh.102.1230599130423; Mon, 29 Dec 2008 17:05:30 -0800 (PST) Received: by 10.181.16.3 with HTTP; Mon, 29 Dec 2008 17:05:30 -0800 (PST) Message-ID: <49bf44f10812291705r12a6ac9akb4360eac91d8995e@mail.gmail.com> Date: Mon, 29 Dec 2008 17:05:30 -0800 From: Grant To: gentoo-hardened@lists.gentoo.org Subject: Re: [gentoo-hardened] Profile switch: hardened to non-hardened? In-Reply-To: <1230417351.8383.17.camel@localhost> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-hardened@lists.gentoo.org Reply-to: gentoo-hardened@lists.gentoo.org MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <49bf44f10812231323t7b5371eaj6a082f56f17b01e0@mail.gmail.com> <897813410812250830i2f910883n62b426dbe5a0329a@mail.gmail.com> <49bf44f10812251752j6ab40c33jd31c15f5a849454c@mail.gmail.com> <897813410812261117t40f2fecdu8b42f530788f47ec@mail.gmail.com> <49bf44f10812261247l2997a51axe9a3b5a581994f0b@mail.gmail.com> <897813410812270049x661a7a3el7913d39fe4fbd108@mail.gmail.com> <49bf44f10812270747y9f5bee3jb192efa6e911b999@mail.gmail.com> <897813410812270818u49459nd83e9f628e946e07@mail.gmail.com> <49bf44f10812271230p7558e8fbt819e595e1cbc960b@mail.gmail.com> <1230417351.8383.17.camel@localhost> X-Archives-Salt: 8a941c6f-24a6-40b7-8095-afede3acb5df X-Archives-Hash: 9c7a0e1aeb0460ff61ca7f712442c422 >> What else would you recommend for me? > > I'd suggest to completely ignore the grsec (low/med/high) options and > use the Hardened Gentoo level in the hardened-sources all the time. > > Xorg should not cause problems unless you are stuck using 3rd party > binary drivers. Most of us are using a hardened X setup. Excellent, thank you. You think the "Hardened Gentoo (workstation)" and "Hardened Gentoo (server)" grsecurity setups are adequate low-maintenance solutions? What does a hardened profile do for my server? - Grant