Permalink
Switch branches/tags
v0.2.138-001-rc v0.2.137-001-rc v0.2.136-001-rc v0.2.135-002-rc v0.2.135-001-rc v0.2.133-001-rc v0.2.132-001-rc v0.2.131-001-rc v0.2.130-002-rc v0.2.130-001-rc v0.2.129-001-rc v0.2.128-001-rc v0.2.127-001-rc v0.2.126-001-rc v0.2.125-001-rc v0.2.124-001-rc v0.2.123-001-rc v0.2.122-001-rc v0.2.121-001-rc v0.2.120-001-rc v0.2.119-001-rc v0.2.118-001-rc v0.2.117-001-rc v0.2.116-001-rc v0.2.115-001-rc v0.2.114-001-rc v0.2.113-001-rc v0.2.112-001-rc v0.2.111-001-rc v0.2.110-001-rc v0.2.109-001-rc v0.2.109-001-rc-doc1 v0.2.108-002-rc v0.2.108-002-rc-vanilladbg1 v0.2.108-001-rc v0.2.107-001-rc v0.2.107-001-rc-plus-vanilladbg v0.2.106-001-rc v0.2.105-001-rc v0.2.105-001-rc-deskmaxdbg-fix v0.2.104-001-more1 v0.2.104-001-more1fix3 v0.2.104-001-more1fi2x v0.2.103-201-rc v0.2.103-200-rc v0.2-104-rc v0.2-102-rc v0.2-102-rc-sign v0.2-101-release-doc1 v0.2-101-rc v0.1.100-01-rc v0.1.99-01-rc v0.1.98-01-release v0.1.98-01-release-verify2 v0.1.98-01-release-verify1 v0.1.98-01-release-doc1 v0.1.98-01-rc v0.1.97-02-release v0.1.97-01-release v0.1.96-01-release v0.1.96-01-rc v0.1.94-01-released v0.1.94-01-release v0.1.94-01-rc v0.1.93-02-release v0.1.92-01-released v0.1.92-01-release v0.1.92-01-rc v0.1.91-05-released v0.1.91-05-release v0.1.91-05-rc v0.1.90-03-release v0.1.90-03-rc2 v0.1.90-03-rc v0.1.90-03-rc-v3 v0.1.90-01-rc v0.1.90-01-rc-scriptsupdate2 v0.1.90-01-rc-scriptsupdate v0.1.89-01-rc v0.1.89-01-rc-scriptsupdate v0.1.88-02-released v0.1.88-02-release v0.1.88-02-rc v0.1.88-01-rc v0.1.87-02-rc v0.1.87-01-rc v0.1.86-03-release v0.1.86-03-rc v0.1.86-01-rc v0.1.85-01-release v0.1.85-01-rc v0.1.84-01-release v0.1.84-01-rc v0.1.83-02-release v0.1.83-01-release v0.1.82-02-rc v0.1.81-01-release v0.1.81-01-rc v0.1.80-02-release v0.1.80-01-rc
Nothing to show
Find file
Fetching contributors…
Cannot retrieve contributors at this time
49 lines (33 sloc) 2.14 KB
This are hardened (grsecurity) kernels for Linux (debian)
- modern vanilla kernel
- applied GrSecurity - the excellent linux security patches
- used base options
- configure kernel options for 5+ levels of security to choose
- release as distribution (e.g. .deb files)
---------------------------------------------------------------------
Using:
Choose a kernel to use, as root do: dpkg -i filename.deb to install it. Then boot it, that's all.
Possibly set pax flags later if any problems with applications.
* Choose a kernel: start with [goodsrv] kernel.
- boot: if system does not boot at all, use other kernel
- video: if system boots but video mode is not working, try patching Xorg (no ioports) or use other/open driver, if this can not be resolved, use other kernel
- apps-pax: if all works but some programs crash/hang: firefox, icedove, java, python - then set proper PAX flags with setfattr (google it - TODO documentation, it's one command easy) else use other kernel
* Choose a [good] kernel.
- boot: if it fails again, skip this kernel
- video: if it fails again, skip this kernel
- apps-pax: if it fails again, skip this kernel
* Choose a regular kernel (return to normal kernel)
- but we will release more compatible kernels [normal] and [light] in future.
PLEASE, please report the bug to us!
All your bugreports and any other constructive feedback is very important to us, see wiki.debian.org/Mempo
---------------------------------------------------------------------
Secured Kernel variants:
min - desktop: 100% compatible identical operation to regualar system
light - desktop: compatible but changes (e.g. hides processes, dmesg), very light
normsrv - server: most grsecurity except expensive stuff
norm - desktop: most grsecurity except expensive stuff (except kmem/IOports)
goodsrv - server: all grsecurity is used
good - desktop: all grsecurity is used (except kmem/IOports)
bestsrv - server: all grsecurity is used and some other asserts/debugs
maxsrv - server: all grsecurity is used and very expensive asserts like IOMMU/VM debug/assert
crazysrv - server: absolutelly all possible security options, checks, asserts etc are turned on