Grsecurity compatible? [Archive]

View Full Version : Grsecurity compatible?

interfasys

12-28-2003, 09:49 PM

I'm thinking of installing a grsecurity (http://www.grsecurity.net/) kernel.

Would DA run into problems because of this?

DirectAdmin Support

12-29-2003, 11:41 AM

Hello,

I really can't say for sure. If it's designed to support other precompiled binaries withtout issue, then it should work fine. (ie, if you have programs that you don't need to recompile, da should work)

John

loopforever

01-19-2004, 07:47 AM

If you test this out and it works, please let me know. I'm interested in using this patch also.

I think I may attempt to install it on an old machine, but if you already have a box running with it, I won't waste my time.

loopforever

01-19-2004, 08:12 AM

Updating the kernel + grsecurity on a RH 8 machine with DA. Will let you know how it turns out...

loopforever

01-19-2004, 09:11 AM

On my first attempt, I got the new kernel and grsecurity patch running, but I encountered a few problems with critical system services.

One thing I did notice is that DirectAdmin was not affected at all. That's a good thing.

Once I figure out how to get around the problems I ran into, I'll let you know.

ProWebUK

01-19-2004, 10:02 AM

What problems are you getting?

Chris

loopforever

01-19-2004, 10:07 AM

/etc/rc.d/init.d/httpd: line 46: ulimit: open files: cannot modify limit: Invalid argument

DirectAdmin Support

01-19-2004, 11:30 AM

Hello,

The ulimit isn't too big of a deal. It just increases the # of allowed open files for apache. You could try removing the "-S" from the ulimit lines.. or even just remove the lines completely if you want.

John

loopforever

01-19-2004, 01:47 PM

With -S removed from the 4 ulimit lines in /etc/rc.d/init.d/httpd everything appears to be working.

The test system is now successfully running 2.4.24 w/ Grsecurity. :)

If other people test this on their system, please tell me and i'll update this list:

Confirmed RH + DA 2.4.24-grsec O/Ses

RedHat 8.0

If you'd like to test it out, please use this guide:

http://www.webhostingtalk.com/showthread.php?s=&threadid=226739&perpage=15&pagenumber=1

Thanks :)!

thoroughfare

04-02-2004, 05:20 PM

Please add:

Confirmed RH9 + DA + 2.4.25-grsec set to medium

It's been running on a production box for weeks now with no problems.

HTH,
Matt :)

loopforever

04-02-2004, 05:57 PM

Yeah, same :). Two RH9 + Grsec production boxen working fine :).

ProWebUK

04-02-2004, 07:09 PM

Numerous systems running rh 7.X and 9 running perfect with DA also if you wish to add the 7.X

neorder

05-08-2004, 10:50 AM

Originally posted by loopforever

http://www.webhostingtalk.com/showthread.php?s=&threadid=226739&perpage=15&pagenumber=1

Thanks :)!

i was unable to read that WHT post, is it a guide? i had a permission deny from WHT.

the newer one i found here

http://www.webhostingtalk.com/showthread.php?s=&threadid=232664&highlight=kernel+2.6

shows kernel 2.4.26 w/ grsecurity...may try to upgrade later on, mine is 2.4.20 now.