Language Selection

English French German Italian Portuguese Spanish

Linux Firewalls, 3rd Edition: Greater Security with GrSecurity

Filed under
HowTos

GrSecurity, formally known as Greater Security, is a kernel patch and userspace program for enhancing the security of a Linux system. GrSecurity, also referred to as Grsec, closes some avenues for attack and makes others much more difficult. Grsec implements a sophisticated Access Control List (ACL) for objects in Linux. The ACL can be used to provide much more granular control over files and other resources. For example, using a Grsec ACL, you can control what files will be shown as the result of a find command or which processes are included in process accounting logs.

Grsec also enables a system called PaX to restrict the capability of processes to alter memory space. This aspect alone renders many types of attacks involving overflows completely ineffective. Grsec also provides other protections such as stack randomization to make attacking the computer a more difficult task.

Full Story.

More in Tux Machines

Ubuntu Touch to Land with Bq Aquaris e4.5 Phones in February

The first two companies that have been confirmed to release phones with Ubuntu Touch are Meizu and Bq. Until now, only Meizu showed any kind of involvement with Ubuntu Touch and they were the first to announce a launch window. On the other hand, Bq has been silent, but it seems to have been very busy and to be the first one out the door. Read more

Linux 3.19 Merge Window Closes Ahead Of Schedule

Linus announced on Friday night that he's closing the merge window early for 3.19. Torvalds said that he's pulling the last of the pull requests on Saturday -- related to KBuild and the READ_ONCE split-up -- but is planning to then close the merge window. Read more

X.Org Server 1.16.3 Released To Fix Security Issues

Julien Cristau of Debian announced the X.Org Server 1.16.3 release on Saturday morning. The primary focus of this release is on correcting the security issues within the GLX, DIX, XV, DRI3, RENDER, and other areas of the xorg-server code-base affected by outstanding security problems. Read more