hi
Is there any interest ( ie. would people be willing to help ) get a grsec and/or otherwise hardened kernel for CentOS-6/7 ? I dont think its worth putting in the effort into CentOS-5 at this point.
Regards
Hi,
The closest we got to grsec in EL6 is kmod-tpe from ElRepo, perhaps that could be done for EL7, too.
Tbh I'd love a grsec hardened centos kernel in centosplus. :-)
Willing to test.
-- Sent from the Delta quadrant using Borg technology!
Nux! www.nux.ro
----- Original Message -----
From: "Karanbir Singh" mail-lists@karan.org To: centos-devel@centos.org Sent: Tuesday, 12 August, 2014 11:30:33 AM Subject: [CentOS-devel] interest in a grsec / hardened kernel
hi
Is there any interest ( ie. would people be willing to help ) get a grsec and/or otherwise hardened kernel for CentOS-6/7 ? I dont think its worth putting in the effort into CentOS-5 at this point.
Regards
-- Karanbir Singh +44-207-0999389 | http://www.karan.org/ | twitter.com/kbsingh GnuPG Key : http://www.karan.org/publickey.asc _______________________________________________ CentOS-devel mailing list CentOS-devel@centos.org http://lists.centos.org/mailman/listinfo/centos-devel
On 12/08/14 13:08, Nux! wrote:
Hi,
The closest we got to grsec in EL6 is kmod-tpe from ElRepo, perhaps that could be done for EL7, too.
Tbh I'd love a grsec hardened centos kernel in centosplus. :-)
Willing to test.
-- Sent from the Delta quadrant using Borg technology!
Nux! www.nux.ro
I've spent some time looking at getting TPE to build under RHEL7, but due to the API changes it's not something I can easily fix. Unfortunately it looks like TPE is no longer being actively maintained. It's a real shame IMHO as I consider kmod-tpe to be a great addition to the sysadmin's toolbox for system hardening.
----- Original Message -----
From: "Karanbir Singh" mail-lists@karan.org To: centos-devel@centos.org Sent: Tuesday, 12 August, 2014 11:30:33 AM Subject: [CentOS-devel] interest in a grsec / hardened kernel
hi
Is there any interest ( ie. would people be willing to help ) get a grsec and/or otherwise hardened kernel for CentOS-6/7 ? I dont think its worth putting in the effort into CentOS-5 at this point.
Regards
-- Karanbir Singh +44-207-0999389 | http://www.karan.org/ | twitter.com/kbsingh GnuPG Key : http://www.karan.org/publickey.asc _______________________________________________ CentOS-devel mailing list CentOS-devel@centos.org http://lists.centos.org/mailman/listinfo/centos-devel
CentOS-devel mailing list CentOS-devel@centos.org http://lists.centos.org/mailman/listinfo/centos-devel
On 17/08/14 10:45, Ned Slider wrote:
On 12/08/14 13:08, Nux! wrote:
Hi,
The closest we got to grsec in EL6 is kmod-tpe from ElRepo, perhaps that could be done for EL7, too.
Tbh I'd love a grsec hardened centos kernel in centosplus. :-)
Willing to test.
-- Sent from the Delta quadrant using Borg technology!
Nux! www.nux.ro
I've spent some time looking at getting TPE to build under RHEL7, but due to the API changes it's not something I can easily fix. Unfortunately it looks like TPE is no longer being actively maintained. It's a real shame IMHO as I consider kmod-tpe to be a great addition to the sysadmin's toolbox for system hardening.
Further to some work by the upstream developer, elrepo now has updated kmod-tpe packages (kmod-tpe-1.0.3-990.git20140821) for all dist/arch's (except el5 32bit at present) in the elrepo-testing repository. Consider these a beta/testing release subsequent to a version 1.0.4 release.
So we don't unnecessarily clutter the centos-devel list, further discussion is welcome at the elrepo mailing lists (unless the CentOS guys specifically want to keep discussions here).
----- Original Message -----
From: "Karanbir Singh" mail-lists@karan.org To: centos-devel@centos.org Sent: Tuesday, 12 August, 2014 11:30:33 AM Subject: [CentOS-devel] interest in a grsec / hardened kernel
hi
Is there any interest ( ie. would people be willing to help ) get a grsec and/or otherwise hardened kernel for CentOS-6/7 ? I dont think its worth putting in the effort into CentOS-5 at this point.
Regards
-- Karanbir Singh +44-207-0999389 | http://www.karan.org/ | twitter.com/kbsingh GnuPG Key : http://www.karan.org/publickey.asc
On 2014-08-21, Ned Slider ned@unixmail.co.uk wrote:
So we don't unnecessarily clutter the centos-devel list, further discussion is welcome at the elrepo mailing lists (unless the CentOS guys specifically want to keep discussions here).
Do you think they would be open to being gated to Gmane?
--keith
On Thu, Aug 21, 2014 at 1:02 PM, Keith Keller kkeller@wombat.san-francisco.ca.us wrote:
On 2014-08-21, Ned Slider ned@unixmail.co.uk wrote:
So we don't unnecessarily clutter the centos-devel list, further discussion is welcome at the elrepo mailing lists (unless the CentOS guys specifically want to keep discussions here).
Do you think they would be open to being gated to Gmane?
The main elrepo mailing list can be found here:
http://dir.gmane.org/gmane.linux.rpm.elrepo.user
Akemi
On 2014-08-21, Akemi Yagi amyagi@gmail.com wrote:
The main elrepo mailing list can be found here:
Hmm, it looks like Gmane isn't up to date; the last posting there seems to be from April. I'll see if I can contact them to try to re-sync.
--keith
On Thu, Aug 21, 2014 at 3:08 PM, Keith Keller kkeller@wombat.san-francisco.ca.us wrote:
On 2014-08-21, Akemi Yagi amyagi@gmail.com wrote:
The main elrepo mailing list can be found here:
Hmm, it looks like Gmane isn't up to date; the last posting there seems to be from April. I'll see if I can contact them to try to re-sync.
I too realized that there was no update. Thanks for your offer to contact them.
Akemi
On 2014-08-21, Akemi Yagi amyagi@gmail.com wrote:
On Thu, Aug 21, 2014 at 3:08 PM, Keith Keller kkeller@wombat.san-francisco.ca.us wrote:
On 2014-08-21, Akemi Yagi amyagi@gmail.com wrote:
The main elrepo mailing list can be found here:
Hmm, it looks like Gmane isn't up to date; the last posting there seems to be from April. I'll see if I can contact them to try to re-sync.
I too realized that there was no update. Thanks for your offer to contact them.
FWIW, I did send them email a few days ago, but have not heard back, nor is the archive up to date. Maybe others can also ask the Gmane maintainers about the issue?
--keith
On Sun, Aug 24, 2014 at 6:49 PM, Keith Keller kkeller@wombat.san-francisco.ca.us wrote:
On 2014-08-21, Akemi Yagi amyagi@gmail.com wrote:
On Thu, Aug 21, 2014 at 3:08 PM, Keith Keller kkeller@wombat.san-francisco.ca.us wrote:
On 2014-08-21, Akemi Yagi amyagi@gmail.com wrote:
The main elrepo mailing list can be found here:
Hmm, it looks like Gmane isn't up to date; the last posting there seems to be from April. I'll see if I can contact them to try to re-sync.
I too realized that there was no update. Thanks for your offer to contact them.
FWIW, I did send them email a few days ago, but have not heard back, nor is the archive up to date. Maybe others can also ask the Gmane maintainers about the issue?
This conversation is really off-topic here, so let's make this one to be the last ;-)
I was able to get hold of an admin. They resubscribed to the M/L. I assume it starts collecting the posts from now on.
Thanks again for your help,
Akemi
On Tue, Aug 12, 2014 at 3:30 AM, Karanbir Singh mail-lists@karan.org wrote:
hi
Is there any interest ( ie. would people be willing to help ) get a grsec and/or otherwise hardened kernel for CentOS-6/7 ? I dont think its worth putting in the effort into CentOS-5 at this point.
I'm interested in this. We've been building one for EL6. Because of the way grsec uses newer gcc macros, it involves building with a newer GCC than ships with EL6 -- we did this by using the CERN devtoolset. Our specs and build process are here https://github.com/el-grsecurity/specfiles -- I haven't built and signed the latest kernel there for public consumption, but the spec is available at least.
-Jeff
-
Akemi Yagi -
Jeff Sheltren -
Karanbir Singh -
Keith Keller -
Ned Slider -
Nux!