Difference between revisions of "IDP/Grsecurity"

From ESS-WIKI
Jump to: navigation, search
(Created page with "=Overview= [https://grsecurity.net/ Grsecurity]® is an extensive security enhancement to the Linux kernel that defends against a wide range of security threats through intell...")
 
 
Line 17: Line 17:
 
  gradm -S                          Check the RBAC system's status
 
  gradm -S                          Check the RBAC system's status
 
  gradm -F -L /tmp/full_learning.log Enable the grsecurity Full Learning mode
 
  gradm -F -L /tmp/full_learning.log Enable the grsecurity Full Learning mode
 +
 +
=Pass the Qualification3.0=
 +
You need copy the grsec's policy
 +
cp /etc/grsec/policy.example /etc/grsec/policy
 +
 +
=Working with PaX=
 +
In this section you will create default PaX flags on an ELF binary file, then disable the stack flag MPROTECT to let grsecurity access memory pages.
 +
 +
{| class="wikitable"
 +
|-
 +
! PaX Flag !! Argument to Disable !! Argument to Enable
 +
|-
 +
| PAGEEXEC || -p || -P
 +
|-
 +
| EMUTRAMP || -e|| -E
 +
|-
 +
| MPROTECT || -m || -M
 +
|-
 +
| RANDMMAP || -r || -R
 +
|-
 +
| RANDEXEC || -x || -X
 +
|-
 +
| SEGMEXEC || -s || -S
 +
|}

Latest revision as of 08:18, 7 March 2016

Overview

Grsecurity® is an extensive security enhancement to the Linux kernel that defends against a wide range of security threats through intelligent access control, memory corruption-based exploit prevention, and a host of other system hardening that generally require no configuration. It has been actively developed and maintained for the past 14 years. Commercial support for grsecurity is available through Open Source Security, Inc. Role-Based Access Control (RBAC)

Role-Based Access Control (RBAC)

grsecurity’s RBAC provides full learning mode for generating security policy rules. The default policy is located in the /etc/grsec/policy file.

grsecurity RBAC Command Reference

administration utility gradm manages the RBAC system.

command                            Description
gradm -P [rolename]                Setup RBAC administration or special role password
gradm -E                           Enable the grsecurity RBAC system
gradm -D                           Disable the grsecurity RBAC system
gradm -C                           Check the RBAC policy for errors
gradm -S                           Check the RBAC system's status
gradm -F -L /tmp/full_learning.log Enable the grsecurity Full Learning mode

Pass the Qualification3.0

You need copy the grsec's policy

cp /etc/grsec/policy.example /etc/grsec/policy

Working with PaX

In this section you will create default PaX flags on an ELF binary file, then disable the stack flag MPROTECT to let grsecurity access memory pages.
PaX Flag Argument to Disable Argument to Enable
PAGEEXEC -p -P
EMUTRAMP -e -E
MPROTECT -m -M
RANDMMAP -r -R
RANDEXEC -x -X
SEGMEXEC -s -S