Ok here is the script I wrote for downloading the latest kernel and grsecurity patch, patching the kernel, and then building it. It grabs the config file I made up for single processor pentium 4 based servers. Security setting is set to low with proc restrcitions where users can only see their processes. Also all xtables, iptables and other common features are enabled.
I have tired this on a fedora server and it done great so if everyone else likes it I will make one for amd as well.
I also will be making and updated howto for those who wish to go over their config manually.
If anyone has any feedback or suggestions or to report a problem simply post in the forum or come look for us in IRC.
Here is how to get the script going
Give it a while to compile and install then when it is done do this
Then reboot or better yet have your datacenter reboot in case the kernel panics.
You shouldnt have no problems if you are on centos with pentium 4 based server. It took me a few kernel panics and testing various things to get this config right. It is about as much security features as you can use without causing anything to break. So bascially as restrictive as you can get on a hosting server.
I have tired this on a fedora server and it done great so if everyone else likes it I will make one for amd as well.
I also will be making and updated howto for those who wish to go over their config manually.
If anyone has any feedback or suggestions or to report a problem simply post in the forum or come look for us in IRC.
Here is how to get the script going
Code:
cd /usr/src
Code:
wget [url]www.evolution-security.com/files/grkern.sh[/url]
Code:
chmod 755 grkern.sh
Code:
./grkern.sh
Give it a while to compile and install then when it is done do this
Code:
grub
savedefault --default=0 --once
quit
Then reboot or better yet have your datacenter reboot in case the kernel panics.
You shouldnt have no problems if you are on centos with pentium 4 based server. It took me a few kernel panics and testing various things to get this config right. It is about as much security features as you can use without causing anything to break. So bascially as restrictive as you can get on a hosting server.