Translations:Hardened Gentoo/34/en

From Gentoo Wiki
Jump to: navigation, search
  • Enabling specific options in the toolchain (compiler, linker ...) such as forcing position-independent executables (PIE), stack smashing protection and compile-time buffer checks.
  • Enabling PaX extensions in the Linux kernel, which offer additional protection measures like address space layout randomization and non-executable memory.
  • Enabling grSecurity extensions in the Linux kernel, including additional chroot restrictions, additional auditing, process restrictions, etc..
  • Enabling SELinux extensions in the Linux kernel, which offers a Mandatory Access Control system enhancing the standard Linux permission restrictions.
  • Enabling Integrity related technologies, such as Integrity Measurement Architecture, for making systems resilient against tampering