search for: grsecurity

Hi guys, I''m looking for every possible way to secure my dom0 before shipping it out to the datacenter, and grsecurity/pax was one such option. I tried installing the binaries from the Arch Linux repos, but had little success with them (Xen kernel loaded, passed to dom0, then promptly rebooted). I had no clues in kernel.log or dmesg, both seemed normal. Any suggestions or advice? ______________________________...

Howdy folks ! I just added Dovecot as a standard package to Devil-Linux and ran into a problem with resource limits. Grsecurity (http://www.grsecurity.net) is used in DL to prevent problems with common exploits, it also reports violations of rlimits. The following messages show up in the log, but it seems that the IMAP Server works fine: Apr 26 19:20:04 src at gate imap-login: Login: hz [192.168.0.11] Apr 26 19:20:05 sr...

If I patch the 2.4.14 kernel with the grsecurity patch first I get errors while patching the ext3 patch. the link for the grsecuritypatch is http://www.grsecurity.net/download.htm (which ever patch I do first works fine..the onther patch fails) this is the error I get fro patching the ext3 patch second (I get an error inthe same place if I p...

...know that Asterisk is fully capable of running on a machine with No Sound card, my Fedora servers have no sound card, but by ommitting "alsa" in my USE flags, will Asterisk be compiled in a way that would make it less functional? My last question, sorry guys (and girls), is about the grsecurity in the 2.4 kernel (I chose 2.4 instead of 2.6). I set it to "low" for now, as it said it wouldn't cause any compatibility issues with 99% of the programs. Has anybody tried medium, or even high, with Asterisk? How secure can you get the kernel without interfering with Asterisk....

hi, can i use shorewall with configured stealth match. it described as followed: Enabling this option will drop all syn packets coming to unserved tcp ports as well as all packets coming to unserved udp ports. If you are using your system to route any type of packets (ie. via NAT) you should put this module at the end of your ruleset, since it will drop packets that aren''t going to

I am trying to run Dovecot on RH 7.3 with Linux kernel 2.4.20 + GrSecurity patch. I downloaded the RPM yesterday and installed it. When I start Dovecot the kernel reports: kernel: grsec: From 192.168.1.22: attempt to overstep process limit by (dovecot:14491) UID(0) EUID(0), parent (dovecot:23872) UID(0) EUID(0) I have never seen this problem in the 3 years I have used G...

Hi, this happens since a few days on a Gentoo hardened system using a grsecurity enabled kernel running Dovecot 1.0.10, only to 2 of 10 users though: --8<-- kernel: grsec: From 192.168.0.1: denied resource overstep by \ requesting 537325568 for RLIMIT_AS against limit 536870912 \ for /usr/libexec/dovecot/imap[imap:15708] uid/euid:30010/30010 \ gid/egid:30006/30006, pare...

version dovecot-1.0-test27: Jul 9 21:49:07 server dovecot: IMAP(testtest): mprotect() failed with index file /home/testtest/mail/.imap/INBOX/dovecot.index: Permission denied with version 0.99.10.6 i have no such troubles ... ? tx4hlp, joachim

...39;'xm list'' then shows the domain as crashed. Does the domain builder reside in the Dom0 kernel or is it a separate user space program? If it is a separate user space program, does it ''borrow'' any code or interfaces from the kernel source or xen-sparse tree? The grsecurity patches modify this code, and the non-grsec Dom0 referenced earlier was built from a non-patched Xen tree. >Are you using a debug build of Xen? You may get some more helpful >output. I''m not using a debug build. Do I just enable kernel debugging in the kernel .config or do I need...

...src.tgz and extracted it. I edited the toplevel Makefile to only compile 2.4.29-xenU. I ran "make world" and after a while xen and 2.4.29-xenU were built successfully. Then I changed to 2.4.29-xenU directory, and patched the sourcetree with grsec-patch[1] for linux 2.4.29 (patch -p1 < grsecuritypatch). Patching generated only one reject.. that being the toplevel Makefile and the extraversion in it. I changed the extraversion manually from "-xenU" to "-grsec-xenU". Then I copy&pasted the grsecurity configuration options from the end of arch/i386/config.in and pas...

Hello, now on my box I have Shorewall 2.0.7 who work fine but I want upgrade kernel to version 2.6.10 + Grsecurity, somebody have any problem with shorewall on this kernel? I read on one site that on this kernel APF don`t want work, APF users must change MONOKERN="0" to MONOKERN="1"! Shorewall? Thanks Sorry if my english bad! -- Best regards, Ratko mailto:ratko@...

...I first tried with the grsec- patched 2.6.14.6 sources but it is also the same failure with Gentoo''s hardened-sources-2.6.20-r10. Is this a known problem? Is there a workaround? Will this work sooner or later? I''m sorry for this maybe naive questions but I am new into this grsecurity domain. Thanks for any helpful answer. Reto Gantenbein _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users

Hy all! I'm new to this group, I welcome everyone. OS: Debian Woody 3.0, kernel 2.4.20-grsecurity Samba: 2.2.8a, compiled from source State: Samba up, and running Problem: I've got hundreads of unix users, and I don't want to import them one by one using smbpasswd. I've got a book from O'reilly wich is told to be the official. It says, this thing can be done by using the '...

Anyone know if there is a kernel autoconfigure tool to compile from source ? thanks luigi -- Linux Server, Microsoft Windows 2003/2008 Server, Exchange 2007 http://predellino.blogspot.com/

Hy again! OS: Debian Woody 3.0, kernel 2.4.20-grsecurity Samba: 2.2.8a status: samba up, and running Problem: If I use a usrname/password on client machines, (win98 and winxp/2k) I could not log on as an other user to the machine, only if I logout, or reboot the client. I1ve read in O'reilly's samba book, that there is an option revalidate. Bu...

Hi This is jesse. I am running exim as my mail server on cygwin. But i need imap/pop3 for accessing mail. I found that dovecot works on cygwin with some code change. So can i know how to compile dovecot on cygwin. This is important ANYBODY ____________________________________________________________________________________ Be a better friend, newshound, and know-it-all with Yahoo!

I'm using a simple mbox config with regular Unix users and pam authentication. I'm also using grsecurity. That's why I see what dovecot does in which users' name. As times goes by and new versions are coming I can frustratedly see, that more and more tasks are performed as root. Why? When I used 1.x series of Dovecot, imap process started in the name of the user whose mbox was accessed. Now I...

Prepare to mark sensitive kernel structures for randomization by making sure they're using designated initializers. These were identified during allyesconfig builds of x86, arm, and arm64, with most initializer fixes extracted from grsecurity. Signed-off-by: Kees Cook <keescook at chromium.org> --- drivers/gpu/drm/nouveau/nouveau_ttm.c | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/drivers/gpu/drm/nouveau/nouveau_ttm.c b/drivers/gpu/drm/nouveau/nouveau_ttm.c index a6dbe8258040....

Does anyone know of any Linux-based filesystem that does file-level auditing and logs based on username? Does ext2/3 do such auditing (stock or with patches)? I would like a filesystem that can be told to audit and log file deletions and log the username that deleted the file (similar to auditing on NTFS). I know, I should be using file permissions to prevent this type of deletion from

hello! i'm using redhat 7.2 with ext3 as my primary fs on kernel 2.4.17 + grsecurity + acl after 2-3 days of uptime i'm expiriencing problems... i attached below excert from my system logs. machine stops responing for a few seconds and after then it looks, like it's in normal operation again. the only problem is load, which is incrementing constantly, but cpu is 99% idle....