Enhancing kernel security with grsecurity

Is your server as secure as it could be? Sure, you use a firewall, mandate strong passwords, and patch regularly. You even take a proactive approach by performing security audits with tools such as nmap and Nessus. Yet you may still be vulnerable to zero-day exploits and privilege escalation attacks. If these possibilities keep you awake at night, you're not alone. The sleepless folks with the grsecurity project have developed an easy-to-use set of security enhancements to help put your fears to rest.

To say that grsecurity provides many enhancements is an understatement. There are more than 30 options to choose from after installation.

Take note that grsecurity requires a vanilla kernel from www.kernel.org. The kernel source supplied by your distribution's vendor has most likely been patched so heavily that the grsecurity patch no longer recognizes it. With that caveat in mind, installation is simple.

Full Story.
