pattern-grsec-server

Grsecurity enhanced openSUSE, common server packages

Provide grsecurity enhanced kernel and utilities to manage the permissions. Install this to pull all packages for basic use on a server. home:dsterba:grsecurity

Testing version of grsecurity patches (latest stable)

Gcc with plugins enabled, administration tools. http://download.opensuse.org/repositories/home:/dsterba:/grsecurity/openSUSE_13.2/ home:dsterba:grsecurity:gcc48

Build of gcc 4.8 with plugins enabled

http://download.opensuse.org/repositories/home:/dsterba:/grsecurity:/gcc48/openSUSE_13.2/ openSUSE:13.2

Test setup for 13.2

This is really just a snapshot of Factory, but we need it to adapt the tools to later test and accept requests to it. http://download.opensuse.org/distribution/13.2/repo/oss/ paxctl

Utilities to modify PaX markings for to work with hardened kernel

The tool named paxctl allows PaX flags to be modified on a per-binary basis. PaX is part of common security-enhancing kernel patches and secure distributions. Your system needs to be running a properly patched and configured kernel for this program to have any effect. Extracted paxctl-ng from elfix and renamed to paxctl. linux-pax-flags

Deactivates PaX flags for several binaries to work with PaX enabled kernels

Deactivates PaX flags for several binaries to work with PaX enabled kernels. zypp-plugin-pax-flags

ZYpp plugin to refresh PaX flags after update

This plugin refreshes system-wide PaX flags after zypper update finishes. paxtest

Test suite for the PaX kernel patch

PaX is a Linux kernel patch which adds much stricter control on how memory is being used by applications. A normal Linux kernel leaves the control to the application and does not implement any enforcement. Especially buffer overflow attacks benefit from the absense of kernel enforced memory control. PaX tries to do its best to enforce this control of memory used by applications, thereby making it harder to successfully exploit buffer overflows. Paxtest provides a regression test suite that covers most (but not all) of PaX functionality. It can also be used to test other memory protection patches. For more information about PaX, see http://pax.grsecurity.net/. Additionally, checksec.sh utility is packaged: The checksec.sh script is designed to test what standard Linux OS and PaX security features are being used. Source: http://www.trapkit.de/tools/checksec.html Now using git://github.com/slimm609/checksec.sh gradm

Grsecurity administration tools

Grsecurity is a set of patches for the Linux kernel with an emphasis on enhancing security. Its typical application is in computer systems that accept remote connections from untrusted locations, such as web servers and systems offering shell access to its users. kernel-grsec-server

Kernel with grsecurity.net patches enabled. Config based on -default flavor.

Source Timestamp: 2016-10-17 09:42:14 +0200 GIT Revision: 820b01e3869da4f608c22376b40b83863086efc2 GIT Branch: grsecurity-3.1-4.7.8-201610161720