Language Selection

English French German Italian Portuguese Spanish

Linux Firewalls, 3rd Edition: Greater Security with GrSecurity

Filed under
HowTos

GrSecurity, formally known as Greater Security, is a kernel patch and userspace program for enhancing the security of a Linux system. GrSecurity, also referred to as Grsec, closes some avenues for attack and makes others much more difficult. Grsec implements a sophisticated Access Control List (ACL) for objects in Linux. The ACL can be used to provide much more granular control over files and other resources. For example, using a Grsec ACL, you can control what files will be shown as the result of a find command or which processes are included in process accounting logs.

Grsec also enables a system called PaX to restrict the capability of processes to alter memory space. This aspect alone renders many types of attacks involving overflows completely ineffective. Grsec also provides other protections such as stack randomization to make attacking the computer a more difficult task.

Full Story.

More in Tux Machines

Rugged mini-PC runs Android on Via’s Cortex-A9 SoC

Via debuted a rugged fanless low-power Android mini-PC based on Via’s dual-core Cortex-A9 Elite E1000 SoC, and offering mini-PCIe, mSATA, HDMI, and GbE I/O. Via designed the “Artigo A900″ mini-PC for use in Android-based interactive kiosks, home automation devices, signage, and other HMI solutions. The 125 x 125 x 30mm mini-PC can be configured to “blend locally-captured real-time video streams with cloud-delivered content to create visually-compelling interactive displays for retail, banking, museums, and other environments,” says Via Technologies. The device can integrate peripherals including sensors, cameras, ticket printers, and barcode and fingerprint scanners, adds the company. Read more

Newest Androids will join iPhones in offering default encryption, blocking police

The next generation of Google’s Android operating system, due for release next month, will encrypt data by default for the first time, the company said Thursday, raising yet another barrier to police gaining access to the troves of personal data typically kept on smartphones. Android has offered optional encryption on some devices since 2011, but security experts say few users have known how to turn on the feature. Now Google is designing the activation procedures for new Android devices so that encryption happens automatically; only somebody who enters a device's password will be able to see the pictures, videos and communications stored on those smartphones. Read more

X.Org Server Shatter Project Fails

Earlier this summer was the start of an X.Org-funded project to develop Shatter. Shatter has long been talked about as a new feature for the X.Org Server to replace Xinerama. Shatter comes down to allowing the X.Org Server to split the rendering between multiple GPUs with each GPU covering different areas of a larger desktop. A student from Cameroon hoped to develop the Shatter support after such feature was talked about for years. The student, Nyah Check, was being funded by the X.Org Foundation through the foundation's Endless Vacation of Code project that's similar in nature to Google's GSoC but runs year-round and is much more loose about requirements. Read more

today's howtos