FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.

» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Gentoo > Gentoo Hardened

LinkBack Thread Tools
Old 06-18-2012, 04:32 PM
Ed W
Default What to do with old 1) profiles and 2) kernels

On 14/06/2012 17:04, "Paweł Hajdan, Jr." wrote:

On 6/14/12 4:51 PM, Anthony G. Basile wrote:

1) We still have the old 10.0 hardened profiles on the tree. They've
been marked deprecated for about two years and I have no idea what state
they're in. I'm going to punt them in a day unless someone gives me a
really good reason to keep them.

Sounds good.

If you have some more time (maybe later) it would be nice to restructure
the profiles so that hardened bits are in profiles/features, to allow
e.g. easy creation of hardened-developer profile.



I create my own: /usr/local/portage/profiles/myname/xxx

And in there I create my own sub profiles for all my linux-vserver builds.

Actually, there isn't anything I currently need splitting out of the
current profiles, so not quite sure what I'm +1-ing, but I guess more to
raise awareness that this is quite easy and works extremely nicely

Oh, as an aside, I have settled on linux-vservers+grsec+pax as my tool
of choice for servers (I guess that's roughly a hardened kernel +
linux-vserver). I find that vservers are extremely lightweight and easy
to maintain and the hardened stuff makes me sleep a little easier (the
linux-vserver code already includes all the important restrictions to
make it hard to escape from chroots, the grsec/patch parts for that are
unnecessary). I would recommend that solution to anyone with a server


Ed W

Thread Tools

All times are GMT. The time now is 09:50 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org