similar to: stealt match grsecurity

Hi guys, I''m looking for every possible way to secure my dom0 before shipping it out to the datacenter, and grsecurity/pax was one such option. I tried installing the binaries from the Arch Linux repos, but had little success with them (Xen kernel loaded, passed to dom0, then promptly rebooted). I had no clues in kernel.log or dmesg, both seemed normal. Any suggestions or advice?

Howdy folks ! I just added Dovecot as a standard package to Devil-Linux and ran into a problem with resource limits. Grsecurity (http://www.grsecurity.net) is used in DL to prevent problems with common exploits, it also reports violations of rlimits. The following messages show up in the log, but it seems that the IMAP Server works fine: Apr 26 19:20:04 src at gate imap-login: Login: hz

I've been working with Asterisk for about 2 months now and am doing well. However I decided to switch platforms from Fedora Core 1, that my predacessor was using, to Gentoo, for obvious reasons. It just seems faster and less "bloated" everything I need, nothing I don't. Anyways, I've read what the Wiki had to say about it and I was only confused on one thing, putting

Hi, with fetching the folder structure with the webclient Tine i can see following error messages inside of the logfiles: Panic: file mail-storage.c: line 791 (mailbox_check_mismatching_separators): assertion failed: (strncmp(vname, ns->prefix, ns->prefix_len-1) == 0) Error: Raw backtrace: /usr/lib/dovecot/libdovecot.so.0(+0x448fa) [0x7f70036db8fa] ->

hi, i have a strange situtation. i try to connect to my machine with ssh and the packets are dropped but i have at the top of my rules an accept. the configuration looks like: rules-file: ----------- ACCEPT net fw tcp 22 - TCPDUMP-log: ------------ 12:16:08.153934 84.153.98.30.1322 > [my-destination-machine].ssh: S 3717288415:3717288415(0) win 64240 <mss

hi, there is no support for patch-o-matic netfilter modules. what i have to do if i want to use several patch-o-matic modules? which parts of code has to be changed and will that changed be included into the main shorewall tree in future or not? best regards claus

If I patch the 2.4.14 kernel with the grsecurity patch first I get errors while patching the ext3 patch. the link for the grsecuritypatch is http://www.grsecurity.net/download.htm (which ever patch I do first works fine..the onther patch fails) this is the error I get fro patching the ext3 patch second (I get an error inthe same place if I patch the grsecurity patch second) Hunk #1 FAILED at

I am trying to run Dovecot on RH 7.3 with Linux kernel 2.4.20 + GrSecurity patch. I downloaded the RPM yesterday and installed it. When I start Dovecot the kernel reports: kernel: grsec: From 192.168.1.22: attempt to overstep process limit by (dovecot:14491) UID(0) EUID(0), parent (dovecot:23872) UID(0) EUID(0) I have never seen this problem in the 3 years I have used GrSecurity together with a

You''ll need to install the ''openid'' gem for this, and require it in your camping app: class Login < R ''/login'' def get this_url = ''http:'' + URL(''/login'').to_s unless input.finish.to_s == ''1'' # start doing the auth here begin

hi, i want to build openssh in my uclibc environment with a cross-compiler. my problem is that the configure-script is not very cross-compile friendly. there are a lot of things that will be tested while configuring. if the script find a cross compiler it exits with code 1. how to solve this issue ? thanks claus

Hi, this happens since a few days on a Gentoo hardened system using a grsecurity enabled kernel running Dovecot 1.0.10, only to 2 of 10 users though: --8<-- kernel: grsec: From 192.168.0.1: denied resource overstep by \ requesting 537325568 for RLIMIT_AS against limit 536870912 \ for /usr/libexec/dovecot/imap[imap:15708] uid/euid:30010/30010 \ gid/egid:30006/30006, parent

Hello, after upgrading to samba 3.5.6 of Debian Squeeze some printouts will not printed. The same prinjob will printed after a couple of tries. I increased the loglevel and there are only a few messages which showing whtat could be the problem. The printjobs doesn't arrive at cups. [2011/08/10 11:32:12.700665,? 0] lib/charcnv.c:650(convert_string_talloc)? Conversion error: Illegal multibyte

version dovecot-1.0-test27: Jul 9 21:49:07 server dovecot: IMAP(testtest): mprotect() failed with index file /home/testtest/mail/.imap/INBOX/dovecot.index: Permission denied with version 0.99.10.6 i have no such troubles ... ? tx4hlp, joachim

>This is pretty surprising. When a domU is actually running, dom0 isn''t >really involved (other than for IO), so its surprising grsec makes a >difference. >Do you get any console output from the guest before it crashes? I''m >wandering if its actually been built incorrectly by the domain builder >running in dom0. I don''t get any output from the guest

Thats really annoying because the printing with samba is not possible, just printing directly to cups is possible. The clients are working with UTF-8, the server is working with UTF-8, don't know why character conversion should be a problem here. More details: [2011/09/14 13:55:24.173846, ?5] rpc_server/srv_pipe.c:2367(api_pipe_request) ? Requested \PIPE\\spoolss [2011/09/14 13:55:24.173878,

Hi list! I''m trying to run 2.4.29-xenU with grsec. Jacob Gorm Hansen said couple of weeks ago, that grsec should work with xen when pax is disabled.. Well, to get the kernel compiling there''s some source hacking that needs to be done.. I''ll describe what I did and what error I got: I downloaded xen-2.0-testing-src.tgz and extracted it. I edited the toplevel Makefile

Hello, now on my box I have Shorewall 2.0.7 who work fine but I want upgrade kernel to version 2.6.10 + Grsecurity, somebody have any problem with shorewall on this kernel? I read on one site that on this kernel APF don`t want work, APF users must change MONOKERN="0" to MONOKERN="1"! Shorewall? Thanks Sorry if my english bad! -- Best regards, Ratko

Hello everybody For network simulation purposes I am trying to run a Linux image with a PAX enabled grsec kernel on a Gentoo xen-3.1.1 with HVM. While the image boots flawlessly on real hardware the kernel does not really like the fully virtualized Xen/Qemu environment. It does not succeed to boot (for dmesg see attachment). I first tried with the grsec- patched 2.6.14.6 sources but it

Anyone know if there is a kernel autoconfigure tool to compile from source ? thanks luigi -- Linux Server, Microsoft Windows 2003/2008 Server, Exchange 2007 http://predellino.blogspot.com/

Hy all! I'm new to this group, I welcome everyone. OS: Debian Woody 3.0, kernel 2.4.20-grsecurity Samba: 2.2.8a, compiled from source State: Samba up, and running Problem: I've got hundreads of unix users, and I don't want to import them one by one using smbpasswd. I've got a book from O'reilly wich is told to be the official. It says, this thing can be done by using the