Gentoo Forums
tinkering with hardened gentoo
erg_samowzbudnik
n00b


Joined: 09 Sep 2011
Posts: 50
Location: uk/sticks

Posted: Wed Nov 23, 2016 3:51 pm    Post subject: tinkering with hardened gentoo

Hi all,

I would like to try out gentoo-hardened.
I have a separate partition of 50G devoted to it on the same drive as my current gentoo.
I'm thinking of sharing the /boot partition with the existing system.
Is that not asking for trouble?
On the existing system I have CONFIG_DEFAULT_SECURITY="selinux" set in the kernel but
https://wiki.gentoo.org/wiki/Knowledge_Base:Sharing_partitions_between_Linux_systems
says that one system recognising extended attributes and the other not may be an issue and that SELinux is one of them but does not elaborate on other cases.

So the question would be how to do it in a safe manner? Isn't hell going to break loose on me?

I'm somewhat noobish, hope I'm phrasing my question right.

Thanks for suggestions
324874
Apprentice


Joined: 26 Jul 2014
Posts: 168

Posted: Thu Nov 24, 2016 7:56 am

You have to read the documentation about the hardened system to understand the protection mechanisms.
toralf
Developer


Joined: 01 Feb 2004
Posts: 3686
Location: Hamburg

Posted: Thu Nov 24, 2016 9:16 am

Hardened Gentoo comes in different flavours. You might consider trying GRsecurity+PAX - low-hanging fruit IMO.
NeddySeagoon
Administrator


Joined: 05 Jul 2003
Posts: 43194
Location: 56N 3W

Posted: Thu Nov 24, 2016 11:38 am

erg_samowzbudnik,

GRsecurity+PAX and SElinux are intended to defend against different threat models.

GRsecurity+PAX tries to stop faulty software being exploited.
SElinux assumes that everything works but limits what users can do.
That's a bit simplistic but it's correct as far as it goes.

Assess the threats you want to defend against then deploy suitable defences.

There should not be any problems sharing /boot as none of the security systems start until the kernel is loaded. By that time the boot loader has done its job.
_________________
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.
All times are GMT