Open main menu
Last modified on 15 January 2015, at 00:09

Grsecurity

75% developed
Wikipedia-logo.png

Wikipedia has related information at PaX
Printer.svg

A printable version of Grsecurity is available. (edit it)

grsecurity is a set of patches for the Linux kernel with an emphasis on enhancing security. It allows the system administrator to, among other things, define a least privilege policy for the system, in which every process and user have only the lowest privileges needed to function.

This book is intended as a comprehensive up-to-date user guide about setting up and administrating a grsecurity-enabled system.

IntroductionEdit

Overview 100% developed  as of July 02, 2010
Terminology 100% developed  as of July 28, 2013
How to Contribute 100% developed  as of July 28, 2013

InstallationEdit

Obtaining Required Components 100% developed  as of Jul 24, 2009
Downloading grsecurity
Downloading gradm
Downloading the Linux Kernel
Verifying the Downloads
Configuring and Installing grsecurity 100% developed  as of Jan 02, 2010
Patching Your Kernel with grsecurity
Configuring the Kernel
Compiling and Installing the Kernel

AdministrationEdit

The Administration Utility (gradm) 75% developed  as of Jul 23, 2009
Installation
Usage
Learning Mode
Additional Utilities 75% developed  as of Jul 23, 2009
Controlling PaX Flags (paxctl)
Displaying Program Capabilities (pspax)
Managing the Executable Stack of Binaries (execstack)
Runtime Configuration Through sysctl 100% developed  as of Jul 23, 2009
Troubleshooting

Policy ConfigurationEdit

The RBAC System in grsecurity 75% developed  as of Jan 02, 2010
What Is an RBAC System?
Limitations of any Access Control System 25% developed  as of Sept 18, 2009
Policy Structure 100% developed  as of Jan 02, 2010
Rules for Policies 25% developed  as of Sept 18, 2009
Roles 75% developed  as of Sept 14, 2009
Subjects 50% developed  as of Nov 10, 2013
Domains 100% developed  as of Jan 02, 2010
Capability Restrictions 75% developed  as of Sept 13, 2009
Resource Restrictions 75% developed  as of Jan 02, 2010
Socket Policies 75% developed  as of Sept 13, 2009
PaX Flags 100% developed  as of Sept 13, 2009
Flow of Matches 75% developed  as of Sept 13, 2009
Policy Recommendations 25% developed  as of Sept 13, 2009
Sample Policies 50% developed  as of Sept 13, 2009

Application-specific SettingsEdit

Show full list / Add Application
ATI Catalyst (fglrx)
cPanel jailshell
Firefox/Iceweasel
Google Chrome
Grub
GUFW/UFW firewalls or Update Manager
IOQuake3
ISC DHCP Server
Java
Nagios
Node.js
Openoffice.org
PHP and other applications that set their own resource limits
X.org

Reporting BugsEdit

Reporting bugs 75% developed  as of Sept 27, 2009
Contacts
Requirements

AppendixEdit

ListsEdit

Grsecurity and PaX Configuration Options 100% developed  as of Jul 23, 2009

TablesEdit

Role Modes 100% developed  as of Sept 11, 2009
Role Attributes 100% developed  as of Sept 11, 2009
Subject Modes 100% developed  as of Sept 12, 2009
Subject Attributes 100% developed  as of Sept 12, 2009
Object Modes 100% developed  as of Sept 13, 2009
PaX Flags 100% developed  as of Jul 24, 2009
Capability Names and Descriptions 100% developed  as of Jul 24, 2009
System Resources 100% developed  as of Sept 11, 2009
Sysctl Options 100% developed  as of Jul 28, 2013

Credits and PermissionsEdit

See Credits and Permissions for details about copyright and references of this document.

External LinksEdit