Grsecurity

grsecurity is a set of patches for the Linux kernel with an emphasis on enhancing security. It allows the system administrator to, among other things, define a least privilege policy for the system, in which every process and user has only the lowest privileges needed to function.

This book is intended as a comprehensive, up-to-date user guide to setting up and administering a grsecurity-enabled system.

Introduction

Overview 100% developed  as of July 02, 2010
Terminology 100% developed  as of July 28, 2013
How to Contribute 100% developed  as of July 28, 2013

Installation

Obtaining Required Components 100% developed  as of Jul 24, 2009
Downloading grsecurity
Downloading gradm
Downloading the Linux Kernel
Verifying the Downloads
Configuring and Installing grsecurity 100% developed  as of Jan 02, 2010
Patching Your Kernel with grsecurity
Configuring the Kernel
Compiling and Installing the Kernel

Administration

The Administration Utility (gradm) 75% developed  as of Jul 23, 2009
Installation
Usage
Learning Mode
Additional Utilities 75% developed  as of Jul 23, 2009
Controlling PaX Flags (paxctl)
Displaying Program Capabilities (pspax)
Managing the Executable Stack of Binaries (execstack)
Runtime Configuration Through sysctl 100% developed  as of Jul 23, 2009
Troubleshooting

Policy Configuration

The RBAC System in grsecurity 75% developed  as of Jan 02, 2010
What Is an RBAC System?
Limitations of any Access Control System 25% developed  as of Sept 18, 2009
Policy Structure 100% developed  as of Jan 02, 2010
Rules for Policies 25% developed  as of Sept 18, 2009
Roles 75% developed  as of Sept 14, 2009
Subjects 50% developed  as of Nov 10, 2013
Domains 100% developed  as of Jan 02, 2010
Capability Restrictions 75% developed  as of Sept 13, 2009
Resource Restrictions 75% developed  as of Jan 02, 2010
Socket Policies 75% developed  as of Sept 13, 2009
PaX Flags 100% developed  as of Sept 13, 2009
Flow of Matches 75% developed  as of Sept 13, 2009
Policy Recommendations 25% developed  as of Sept 13, 2009
Sample Policies 50% developed  as of Sept 13, 2009

Application-specific Settings

ATI Catalyst (fglrx)
Firefox/Iceweasel
Google Chrome
Grub
GUFW/UFW firewalls or Update Manager
IOQuake3
ISC DHCP Server
Java
Openoffice.org
PHP and other applications that set their own resource limits
X.org

Reporting Bugs

Reporting bugs 75% developed  as of Sept 27, 2009
Contacts
Requirements

Appendix

Lists

Grsecurity and PaX Configuration Options 100% developed  as of Jul 23, 2009

Tables

Role Modes 100% developed  as of Sept 11, 2009
Role Attributes 100% developed  as of Sept 11, 2009
Subject Modes 100% developed  as of Sept 12, 2009
Subject Attributes 100% developed  as of Sept 12, 2009
Object Modes 100% developed  as of Sept 13, 2009
PaX Flags 100% developed  as of Jul 24, 2009
Capability Names and Descriptions 100% developed  as of Jul 24, 2009
System Resources 100% developed  as of Sept 11, 2009
Sysctl Options 100% developed  as of Jul 28, 2013

Credits and Permissions

See Credits and Permissions for details about copyright and references of this document.

External Links

Last modified on 23 February 2014, at 23:17