Greater security

Topics: Linux

I'm not really a guy who installs every new Linux kernel, but in general I like to follow in the slipstream of newer kernels. In practice, that means I'm at most 3 or 4 kernel releases behind (I tend to follow the 2.2 kernel branch too). So now that Linux-2.4.23 has been released this weekend, and my firewall was happily running 2.4.20, I decided to upgrade the box to 2.4.23. I wanted to significantly increase security by patching the kernel with the grsec patch, aka GReater SECurity. It's a modification in the line of big-iron Unices, where the kernel is provided with ACLs, several randomizers (like for PIDs), auditing and security restrictions. I still have some tweaking to do, like tightening the kernel module loader, but in general, I'm quite satisfied with the result.