Talk:Hardened/Grsecurity2 Quickstart
From Gentoo Wiki
Note
Before creating a discussion or leaving a comment, please read about using talk pages. To create a new discussion, click here. Comments on an existing discussion should be signed using
Before creating a discussion or leaving a comment, please read about using talk pages. To create a new discussion, click here. Comments on an existing discussion should be signed using
~~~~
:
A comment [[User:Larry|Larry]] 13:52, 13 May 2024 (UTC) : A reply [[User:Sally|Sally]] 10:49, 12 December 2024 (UTC) :: Your reply ~~~~
Navigate to first
Missing kernel options
Talk status
This discussion is still ongoing.
During configuration of sys-kernel/hardened-sources-3.11.7-r1 for x64 virtual machine I've noticed that these kernel options don't exist anymore:
CONFIG_GRKERNSEC_AUDIT_IPC CONFIG_GRKERNSEC_AUDIT_TEXTREL CONFIG_GRKERNSEC_EXECVE CONFIG_GRKERNSEC_RANDPID CONFIG_GRKERNSEC_RANDID CONFIG_GRKERNSEC_RANDSRC CONFIG_GRKERNSEC_RANDRPC
Maybe an update to Wiki page needed?
Besides that I've noticed new options, that should be on Wiki page also:
CONFIG_GRKERNSEC_SYSCTL=y CONFIG_GRKERNSEC_SYSCTL_ON=y
First one enables the ability to change /proc/sys/kernel/grsecurity/*, and the second one enables everything by default without the need to write to /etc/sysctl.conf things like:
kernel.grsecurity.chroot_deny_sysctl = 1 kernel.grsecurity.chroot_caps = 1
Hope this will be helpful. — The preceding unsigned comment was added by Stan31337 (talk • contribs)