openwall, grsecurity, PAX, LIDS, and Bastille for FC3

I'm coming back to Linux after working a pile of Sun Solaris based tasks.
Last major encounter with Linux was RH 7.2.  Now I've got a task which will
take me into the AES3.0/AES 4.0, and FC3/FC4 realms. Most of my tasks relate
to system security engineering, of which hardening the OS is one of the
"defense-in-depth" measures.

I've loaded FC3 onto a small machine to begin to update my knowledge/skills.
I also got a book on "Hardening Linux" by James Turnbull.  The book
discusses the openwall, grsecurity, PAX, and LIDS projects, but it was
published just as the 2.6 kernel was being developed, so the guidance was
aimed at the earlier kernel.  I did find a Red Hat white paper on ExecShield,
and it appears to include some of the concepts from PAX.

I've also worked with Bastille before, and have discovered that it has been
updated for FC3. I could use Bastille in conjunction with the embedded
ExecShield for some of my tasks, but for some tasks where the risk is great,
additional hardening beyond ExecShield and Bastille would be highly
desirable.

Question, since FC3 should be the latest integrated offering of the kernel
and apps, how much of the openwall, grsecurity, PAX, and LIDS components
were added to the 2.6 kernel by the open source community, or by Red Hat
later? 

Guess what I'm really asking is: What's left for me to add from these
projects that wasn't already added?

Dave McGuffey
Principal Information Assurance Engineer
SAIC

