IDP/Grsecurity

From ESS-WIKI
Revision as of 08:18, 7 March 2016 by Winston (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Overview

Grsecurity® is an extensive security enhancement to the Linux kernel that defends against a wide range of security threats through intelligent access control, memory corruption-based exploit prevention, and a host of other system hardening that generally require no configuration. It has been actively developed and maintained for the past 14 years. Commercial support for grsecurity is available through Open Source Security, Inc. Role-Based Access Control (RBAC)

Role-Based Access Control (RBAC)

grsecurity’s RBAC provides full learning mode for generating security policy rules. The default policy is located in the /etc/grsec/policy file.

grsecurity RBAC Command Reference

administration utility gradm manages the RBAC system.

command                            Description
gradm -P [rolename]                Setup RBAC administration or special role password
gradm -E                           Enable the grsecurity RBAC system
gradm -D                           Disable the grsecurity RBAC system
gradm -C                           Check the RBAC policy for errors
gradm -S                           Check the RBAC system's status
gradm -F -L /tmp/full_learning.log Enable the grsecurity Full Learning mode

Pass the Qualification3.0

You need copy the grsec's policy

cp /etc/grsec/policy.example /etc/grsec/policy

Working with PaX

In this section you will create default PaX flags on an ELF binary file, then disable the stack flag MPROTECT to let grsecurity access memory pages.
PaX Flag Argument to Disable Argument to Enable
PAGEEXEC -p -P
EMUTRAMP -e -E
MPROTECT -m -M
RANDMMAP -r -R
RANDEXEC -x -X
SEGMEXEC -s -S