grsecurity installation

H

hexadomain

Verified User
Joined
Mar 2, 2014
Messages
16
Hello,

I am about to install grsecurity kernel patch on my server with centos 6 x64 which has directadmin installed on it.

Is grsecurity compatible with grsecurity?
Does directadmin support kernel 3.x?
Should i upgrade my kernel to 3.x?
or i just install grsecurity with current kernel?(2.6.32)


and at last anyone knows good guide for install grsecurity?
 
hexadomain said:
Is grsecurity compatible with grsecurity?
Click to expand...
Is it compatible with itself? Likely it is :).
Does directadmin support kernel 3.x?
Click to expand...
DirectAdmin should work with any kernel, but that doesn't mean it would work with grsecurity.

It depends on what grsecurity does. If it imposes run limits outside of standard Linux security rules then it might cause a lot of problems because every time you add a user you'd have to give that user permissions in a lot of areas, and currently DirectAdmin relies on Linux normal security rules.

And then you'd need to ask yourself how much you'd gain anyway, since by nature a shared server must have a lot of open-ness to the Internet.

Jeff
 
Grsecurity is kind of the best in Linux security, these guys are on top of everything for many years.

http://grsecurity.net/compare.php

I think it's recommended to use this in shared hosting, it can prevent root/kernel exploits if there is an exploitable bug in e.g. apache/php (either through a local user or even public).

If I recall correctly the author of mod_ruid2 also recommends using it.

Thing is, you need to know what you're doing. Judging by the questions you asked you won't get everything working correctly any time soon.

Alternatively you could use CloudLinux, which also tightens security, in a different way. See this thread on WHT about GRSec vs CL.
 
Pretty sure if it was beneficial it would already be in the default kernel. Its just for people who are paranoid and want to be overly secure.
 
You must log in or register to reply here.
Back
Top