search for: grsecur

Displaying 20 results from an estimated 51 matches for "grsecur".

Did you mean: grsec
2012 Jul 22
1
Linux-grsecurity on Xen dom0
Hi guys, I''m looking for every possible way to secure my dom0 before shipping it out to the datacenter, and grsecurity/pax was one such option. I tried installing the binaries from the Arch Linux repos, but had little success with them (Xen kernel loaded, passed to dom0, then promptly rebooted). I had no clues in kernel.log or dmesg, both seemed normal. Any suggestions or advice? ___________________________...
2003 Apr 27
1
dovecot and grsecurity (problem with resource limits)
Howdy folks ! I just added Dovecot as a standard package to Devil-Linux and ran into a problem with resource limits. Grsecurity (http://www.grsecurity.net) is used in DL to prevent problems with common exploits, it also reports violations of rlimits. The following messages show up in the log, but it seems that the IMAP Server works fine: Apr 26 19:20:04 src at gate imap-login: Login: hz [192.168.0.11] Apr 26 19:20:05...
2001 Nov 11
1
problems when patching 2.4.14
If I patch the 2.4.14 kernel with the grsecurity patch first I get errors while patching the ext3 patch. the link for the grsecuritypatch is http://www.grsecurity.net/download.htm (which ever patch I do first works fine..the onther patch fails) this is the error I get fro patching the ext3 patch second (I get an error inthe same place if...
2004 Aug 26
1
GRSecurity and ALSA on a Gentoo Server
...know that Asterisk is fully capable of running on a machine with No Sound card, my Fedora servers have no sound card, but by ommitting "alsa" in my USE flags, will Asterisk be compiled in a way that would make it less functional? My last question, sorry guys (and girls), is about the grsecurity in the 2.4 kernel (I chose 2.4 instead of 2.6). I set it to "low" for now, as it said it wouldn't cause any compatibility issues with 99% of the programs. Has anybody tried medium, or even high, with Asterisk? How secure can you get the kernel without interfering with Asterisk....
2004 Sep 07
1
stealt match grsecurity
hi, can i use shorewall with configured stealth match. it described as followed: Enabling this option will drop all syn packets coming to unserved tcp ports as well as all packets coming to unserved udp ports. If you are using your system to route any type of packets (ie. via NAT) you should put this module at the end of your ruleset, since it will drop packets that aren''t going to
2003 Jun 15
1
Dovecot will not run on secure kernel.
I am trying to run Dovecot on RH 7.3 with Linux kernel 2.4.20 + GrSecurity patch. I downloaded the RPM yesterday and installed it. When I start Dovecot the kernel reports: kernel: grsec: From 192.168.1.22: attempt to overstep process limit by (dovecot:14491) UID(0) EUID(0), parent (dovecot:23872) UID(0) EUID(0) I have never seen this problem in the 3 years I have use...
2008 Jan 15
2
Out of memory [repost as a new thread]
Hi, this happens since a few days on a Gentoo hardened system using a grsecurity enabled kernel running Dovecot 1.0.10, only to 2 of 10 users though: --8<-- kernel: grsec: From 192.168.0.1: denied resource overstep by \ requesting 537325568 for RLIMIT_AS against limit 536870912 \ for /usr/libexec/dovecot/imap[imap:15708] uid/euid:30010/30010 \ gid/egid:30006/30006, p...
2004 Jul 09
2
permission problem ??
version dovecot-1.0-test27: Jul 9 21:49:07 server dovecot: IMAP(testtest): mprotect() failed with index file /home/testtest/mail/.imap/INBOX/dovecot.index: Permission denied with version 0.99.10.6 i have no such troubles ... ? tx4hlp, joachim
2007 Sep 25
2
FW: Xen Kernel Debug Tools
...39;'xm list'' then shows the domain as crashed. Does the domain builder reside in the Dom0 kernel or is it a separate user space program? If it is a separate user space program, does it ''borrow'' any code or interfaces from the kernel source or xen-sparse tree? The grsecurity patches modify this code, and the non-grsec Dom0 referenced earlier was built from a non-patched Xen tree. >Are you using a debug build of Xen? You may get some more helpful >output. I''m not using a debug build. Do I just enable kernel debugging in the kernel .config or do I ne...
2005 Jan 26
1
Compiling xenlinux 2.4.29 with grsec.. help needed
...src.tgz and extracted it. I edited the toplevel Makefile to only compile 2.4.29-xenU. I ran "make world" and after a while xen and 2.4.29-xenU were built successfully. Then I changed to 2.4.29-xenU directory, and patched the sourcetree with grsec-patch[1] for linux 2.4.29 (patch -p1 < grsecuritypatch). Patching generated only one reject.. that being the toplevel Makefile and the extraversion in it. I changed the extraversion manually from "-xenU" to "-grsec-xenU". Then I copy&pasted the grsecurity configuration options from the end of arch/i386/config.in and...
2005 Jan 30
1
Kernel 2.6.10
Hello, now on my box I have Shorewall 2.0.7 who work fine but I want upgrade kernel to version 2.6.10 + Grsecurity, somebody have any problem with shorewall on this kernel? I read on one site that on this kernel APF don`t want work, APF users must change MONOKERN="0" to MONOKERN="1"! Shorewall? Thanks Sorry if my english bad! -- Best regards, Ratko mailto:rat...
2007 Oct 26
1
Linux grsec Guest on HVM Xen 3.1.1
...I first tried with the grsec- patched 2.6.14.6 sources but it is also the same failure with Gentoo''s hardened-sources-2.6.20-r10. Is this a known problem? Is there a workaround? Will this work sooner or later? I''m sorry for this maybe naive questions but I am new into this grsecurity domain. Thanks for any helpful answer. Reto Gantenbein _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
2003 Apr 29
1
Importing all users from /etc/shadow automatically (addtosmbpass not found)
Hy all! I'm new to this group, I welcome everyone. OS: Debian Woody 3.0, kernel 2.4.20-grsecurity Samba: 2.2.8a, compiled from source State: Samba up, and running Problem: I've got hundreads of unix users, and I don't want to import them one by one using smbpasswd. I've got a book from O'reilly wich is told to be the official. It says, this thing can be done by using the ...
2012 Mar 26
3
kernel autoconfigure ?
Anyone know if there is a kernel autoconfigure tool to compile from source ? thanks luigi -- Linux Server, Microsoft Windows 2003/2008 Server, Exchange 2007 http://predellino.blogspot.com/
2003 Apr 29
1
Windoze don't forget username/password (revalidate=yes why not working?)
Hy again! OS: Debian Woody 3.0, kernel 2.4.20-grsecurity Samba: 2.2.8a status: samba up, and running Problem: If I use a usrname/password on client machines, (win98 and winxp/2k) I could not log on as an other user to the machine, only if I logout, or reboot the client. I1ve read in O'reilly's samba book, that there is an option revalidate....
2008 Jan 15
4
Dovecot With cygwin
Hi This is jesse. I am running exim as my mail server on cygwin. But i need imap/pop3 for accessing mail. I found that dovecot works on cygwin with some code change. So can i know how to compile dovecot on cygwin. This is important ANYBODY ____________________________________________________________________________________ Be a better friend, newshound, and know-it-all with Yahoo!
2012 Feb 23
1
How to achieve proper privilege separation?
I'm using a simple mbox config with regular Unix users and pam authentication. I'm also using grsecurity. That's why I see what dovecot does in which users' name. As times goes by and new versions are coming I can frustratedly see, that more and more tasks are performed as root. Why? When I used 1.x series of Dovecot, imap process started in the name of the user whose mbox was accessed. No...
2016 Dec 17
1
[PATCH] drm/nouveau: use designated initializers
Prepare to mark sensitive kernel structures for randomization by making sure they're using designated initializers. These were identified during allyesconfig builds of x86, arm, and arm64, with most initializer fixes extracted from grsecurity. Signed-off-by: Kees Cook <keescook at chromium.org> --- drivers/gpu/drm/nouveau/nouveau_ttm.c | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/drivers/gpu/drm/nouveau/nouveau_ttm.c b/drivers/gpu/drm/nouveau/nouveau_ttm.c index a6dbe82580...
2002 Oct 03
4
Auditing filesystems for Linux?
Does anyone know of any Linux-based filesystem that does file-level auditing and logs based on username? Does ext2/3 do such auditing (stock or with patches)? I would like a filesystem that can be told to audit and log file deletions and log the username that deleted the file (similar to auditing on NTFS). I know, I should be using file permissions to prevent this type of deletion from
2002 Jan 16
1
crashing with ext3
hello! i'm using redhat 7.2 with ext3 as my primary fs on kernel 2.4.17 + grsecurity + acl after 2-3 days of uptime i'm expiriencing problems... i attached below excert from my system logs. machine stops responing for a few seconds and after then it looks, like it's in normal operation again. the only problem is load, which is incrementing constantly, but cpu is 99% id...