[CentOS-devel] [SIG Hardening] hardening classes

Fri May 8 11:01:33 UTC 2015
Leam Hall <leamhall at gmail.com>

On 05/07/15 18:32, Ezequiel Brizuela [aka EHB or qlixed] wrote:
> I really like to participate in this SIG, I mostly want to add a support
> for grsecurity hardened kernel, this can be an option/part of this SIG?
> Grsecurity have patches as stable for the Kernel 3.2 and 3.14 Branches,
> I know that is not the same branches that currently handle Centos7
> Kernel, so I want to put this clear for the first moment and get your
> feedback about.

Ezequiel, that would be interesting. A couple of questions come to mind. 
First, will it be optional? That is, can the grsecurity stuff be a 
choice of someone implementing our hardening recommendations? There are 
reasons, either lack of testing framework or application requirements, 
that might make a CentOS user want parts of the hardening stuff without 
all of it.

The second question, and this is based off my lack of knowledge, is how 
future open is your idea? Can it grow to cover the current kernels as 
well as the 4.x series?

Leam