Maintaining those policies can be very costly. Just wondering what you are so paranoid about...Yes, can be.But the main point is that kernel-secure needs moreHi,Is it something like:
How many possibilities of add systrace[1] in the next release in
kernel-secure? It's sounds very good and not impact any system
without a policy configuration.The users that are using kernel-secure without expertise won't affected.
[1] = http://www.citi.umich.edu/u/provos/systrace/linux.html
http://www.systrace.org
http://sourceforge.net/projects/syscalltrack/
enhancements (in my view) for the next release.These enhancements can include: systrace, or something like it.
For paranoid users/admins like me, grsec with pax and some others
options enabled, a system updated and systrace with good policies
sounds like 'kiddies' out! :)
That's true... at work it's a $$$ issue.I known that i can put the pieces together manually, and i do in my own boxes running Debian GNU/Linux.But at work i don't have choice.
How much security is needed is mainly a business descision --> what do you want to protect (against what) and how much must it cost.
It's up to them to decide how much security is adequate.
Stefan
smime.p7s
Description: S/MIME Cryptographic Signature
