Are you REALLY using hardening Kernel technologies ?

Chat about Linux in general
Forum rules
Do not post support questions here. Before you post read the forum rules. Topics in this forum are automatically closed 6 months after creation.
Locked

How many of you are REALLY using for your main OS some hardening Kernel technologies such as :

SELinux ?
1
8%
Apparmor ?
4
31%
Grsecurity ?
1
8%
Other ?
1
8%
Noone !
6
46%
 
Total votes: 13

Nobody Nessie

Are you REALLY using hardening Kernel technologies ?

Post by Nobody Nessie »

Are you using hardening / security policy systems such as SELinux, Grsecurity, Apparmor, or other ones (?), in your main Operating System(s) ?

Please share your experience, advantages/disadvantages, easy to use, or not, the strengh of your security policy, etc ! Thanks ! :D
Last edited by LockBot on Wed Dec 28, 2022 7:16 am, edited 1 time in total.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
User avatar
Pilosopong Tasyo
Level 6
Level 6
Posts: 1432
Joined: Mon Jun 22, 2009 3:26 am
Location: Philippines

Re: Are you REALLY using hardening Kernel technologies ?

Post by Pilosopong Tasyo »

Not a support question. Moved to Chat about Linux.
o Give a man a fish and he will eat for a day. Teach him how to fish and he will eat for a lifetime!
o If an issue has been fixed, please edit your first post and add the word [SOLVED].
Nobody Nessie

Re: Are you REALLY using hardening Kernel technologies ?

Post by Nobody Nessie »

OK, thanks !

In case of "others", would you please share with us what tools/tricks/methods are you using ?

PS : the poll is anonymous, don't be affraid to answer ! :D

Thank you very much !
eanfrid

Re: Are you REALLY using hardening Kernel technologies ?

Post by eanfrid »

I use Tomoyo (LSM) on my Debian servers which are opened to the Internet.
shengchieh

Re: Are you REALLY using hardening Kernel technologies ?

Post by shengchieh »

My guess is: it would make a difference if you are using a linux distro as a server or as a desktop. Most people here use LM as a desktop and probably just use LM as is - not bothering to add stuffs.

Sheng-Chieh
Habitual

Re: Are you REALLY using hardening Kernel technologies ?

Post by Habitual »

It is the users that need to be hardened, not the kernel.
</opinion>
Slackware: hardened by default.
Nobody Nessie

Re: Are you REALLY using hardening Kernel technologies ?

Post by Nobody Nessie »

Habitual wrote:It is the users that need to be hardened, not the kernel.
</opinion>
It would be an enormous and really very interesting discussion. I agree ! Please, do not open a topic on that subject, I need to keep a little bit of free time ! :D
linux_rules
Level 4
Level 4
Posts: 277
Joined: Sun Apr 24, 2011 1:51 am

Re: Are you REALLY using hardening Kernel technologies ?

Post by linux_rules »

I use apparmor under Mint but I use none under Manjaro.

I wanted to use selinux so I installed Fedora 20 but after installing the Nvidia driver from rpmfusion I got a black screen with a blinking cursor.
Previous1

Re: Are you REALLY using hardening Kernel technologies ?

Post by Previous1 »

If users need to be hardened, you're doing it wrong...

Voted grsecurity.
teatime

Re: Are you REALLY using hardening Kernel technologies ?

Post by teatime »

Apparmor enabled for system and for additional chromium sandboxing I have enabled YAMA (chrome://sandboxing =>

SUID Sandbox Yes
PID namespaces Yes
Network namespaces Yes
Seccomp-BPF sandbox YEs
Yama LSM enforcing YES
.
Locked

Return to “Chat about Linux”