Language Selection

English French German Italian Portuguese Spanish

Linux Firewalls, 3rd Edition: Greater Security with GrSecurity

Filed under
HowTos

GrSecurity, formally known as Greater Security, is a kernel patch and userspace program for enhancing the security of a Linux system. GrSecurity, also referred to as Grsec, closes some avenues for attack and makes others much more difficult. Grsec implements a sophisticated Access Control List (ACL) for objects in Linux. The ACL can be used to provide much more granular control over files and other resources. For example, using a Grsec ACL, you can control what files will be shown as the result of a find command or which processes are included in process accounting logs.

Grsec also enables a system called PaX to restrict the capability of processes to alter memory space. This aspect alone renders many types of attacks involving overflows completely ineffective. Grsec also provides other protections such as stack randomization to make attacking the computer a more difficult task.

Full Story.

More in Tux Machines

Userptr Support Set For AMD Radeon GPUs In Linux 3.18

While it was originally set for Linux 3.17, with the Linux 3.18 kernel that's still months away will be userptr support for the AMD Radeon graphics driver. Read more

Rugged mini-PCs have four gigabit ports, run Ubuntu

Stealth.com has launched four rugged mini-PCs based on 3rd Gen. Intel Core CPUs, featuring four gigabit ports, Ubuntu, and optional PCI and PCIe expansion. The four new LPC480x models are the latest members of the Little PC family of mini-PCs from Stealth.com (formerly Stealth Computer), which include the circa-2011, Intel Atom D525 based LPC-125LPM. The company sells about 50 different LPC models available with Windows or Ubuntu Linux. The systems are designed for embedded control, digital signs, kiosks, mobile navigation, thin-clients, POS, and Human Machine Interface (HMI) applications. Read more

LinuxCon: What's Going On With Fedora.Next

For those curious about what's going on with "Fedora.Next" in revolutionizing the Fedora Linux distribution, Matthew Miller -- Fedora's new Project Leader -- is presenting at LinuxCon Chicago today covering the ongoing working for the Red Hat sponsored distribution. Matthew Miller's presentation is entitled "How Linux Distros Became Boring (and Fedora's Plan to Put Boring Where It Belongs)." It doesn't look like I'll make it over to LinuxCon Chicago due to the weather over here in Indiana today, but fortunately for all those outside of Chicago, you can already find Matthew's slides online. Read more

Intel Sandy Bridge Gains On Linux 3.17 Extend Beyond Graphics

Yesterday I shared some benchmarks showing Intel Sandy Bridge HD Graphics performance increasing on Linux 3.17 for this several year old architecture. This came as a surprise but the good news is the performance improvements on this new Linux kernel don't stop with OpenGL but extend to CPU performance too. Read more