GRSecurity

Posted by the ManGeek

Thursday, April 7th 2005 4:09 pm CDT

I'd like to take a brief moment to pay homage to the beauty that is GRSecurity. [www.grsecurity.com] This wonderful Linux kernel add-on applies some rather valuable modifications to the default operations, allowing a great deal of control over system operations. It can dramatically help to eliminate stack overflows and provides a number of functions to restrict the abilities of local users. (In fact, you can even restrict root so that, for example, certain libraries can't be called by the root user.)

To give you an idea of what this translates into:
jbly@boink jbly $ netstat -rn
/proc/net/route: Permission denied
INET (IPv4) not configured in this system.
jbly@boink jbly $

jbly@boink jbly $ ps -ef
UID        PID  PPID  C STIME TTY          TIME CMD
jbly   14620  9536  0 03:12 pts/0    00:00:00 su - jbly
jbly   10421 14620  0 03:12 pts/0    00:00:00 -bash
jbly    6928 10421  0 03:12 pts/0    00:00:00 ps -ef
jbly@boink c58841 $

To put it lightly, it's a beautiful piece of work. It allows you to do many things including:

  • Randomize network source ports
  • Randomize PIDs (just look at the PIDs for the above example)
  • Restrict access to view process information for any other users (once again, see the above example)
  • Restrict access to various functions in /proc
  • RBAC to create very granular control including kernel code execution capabilities
  • Restrict users from generating ANY network packets
  • And much much more...

Truly sounds like a marketing spin, doesn't it? However, I'm not a sales guy, so you can trust I'm giving my honest opinion. This is a good piece of software. It's not for the faint of heart, believe me. However, if you have the ability (if you can compile Apache and PHP, you can compile this), then it's worth the investment of time. It just might be the thing that keeps the bad guys outside knocking on the door. (Plead all you want. We have headphones.)
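To confirm from an unprivileged account that the restrictions shown above are actually in effect, here is an added example (not part of the original post and not GRSecurity's own tooling). The function names and the second sample listing are constructed for illustration, and the script assumes the account name appears unabbreviated in the UID column of `ps -ef`.

```shell
#!/bin/sh
# Added example: behavioural checks for the /proc and PID hardening above.

# Constructed sample: the restricted `ps -ef` listing quoted in the post.
SAMPLE_RESTRICTED='UID        PID  PPID  C STIME TTY          TIME CMD
jbly   14620  9536  0 03:12 pts/0    00:00:00 su - jbly
jbly   10421 14620  0 03:12 pts/0    00:00:00 -bash
jbly    6928 10421  0 03:12 pts/0    00:00:00 ps -ef'

# Constructed sample: what the same user would see on an unhardened kernel.
SAMPLE_OPEN='UID        PID  PPID  C STIME TTY          TIME CMD
root       1     0  0 03:00 ?        00:00:01 init
root     812     1  0 03:00 ?        00:00:00 /usr/sbin/sshd
jbly     940   812  0 03:12 pts/0    00:00:00 -bash
jbly     941   940  0 03:12 pts/0    00:00:00 ps -ef'

# Count rows of `ps -ef` output (stdin) owned by anyone other than user $1.
# Zero means other users' processes are hidden from this account.
foreign_procs() {
    awk -v me="$1" 'NR > 1 && $1 != me { n++ } END { print n + 0 }'
}

# Count rows whose PID is lower than the parent PID. With sequential PID
# allocation this only happens after wraparound, so several inversions in a
# short listing suggest randomized PIDs (a heuristic, not proof).
pid_inversions() {
    awk 'NR > 1 && $3 > 0 && $2 < $3 { n++ } END { print n + 0 }'
}

# Succeeds only if file $1 (default /proc/net/route) can actually be read.
proc_file_readable() {
    cat "${1:-/proc/net/route}" >/dev/null 2>&1
}

# Summarise a listing: $1 = user name, $2 = `ps -ef` output.
audit() {
    printf 'foreign=%s inversions=%s\n' \
        "$(printf '%s\n' "$2" | foreign_procs "$1")" \
        "$(printf '%s\n' "$2" | pid_inversions)"
}

audit jbly "$SAMPLE_RESTRICTED"   # foreign=0 inversions=2
audit jbly "$SAMPLE_OPEN"         # foreign=2 inversions=0
# Live check on the current host: audit "$(id -un)" "$(ps -ef)"
if proc_file_readable; then echo "/proc/net/route: readable"
else echo "/proc/net/route: denied"; fi
```

On a hardened host the live check should report no foreign processes and a denied read of /proc/net/route, matching the output in the post.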
