On 29 Dec 2007 at 15:08, Michel Arboi wrote:
> On Dec 29, 2007 1:37 PM, <[EMAIL PROTECTED]> wrote:
> > it's needed for KEXEC or KDUMP, iirc.
>
> Mmmmhhh... Do we really need that on a hardened system??
i think they're orthogonal to hardened as they're more related
to reliability than security p
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Well, sshd does perform dns queries on connecting hosts, to try and
determine if they're legit connections. I'm not sure about port 0/udp
though. You could try turning off the 'UseDNS' function in
/etc/ssh/sshd_config, and then see if there are
For grsec policy related questions I suggest using the upstream
grsec mailing list.
On Sat, 2007-12-29 at 18:11 +0100, [EMAIL PROTECTED] wrote:
> I've found a bunch of these messages in my log:
> "grsec: From 219.87.17.209: (root:U:/usr/sbin/sshd) denied connect() to
> 219.87.17.3 port 0 sock ty
I've found a bunch of these messages in my log:
"grsec: From 219.87.17.209: (root:U:/usr/sbin/sshd) denied connect() to
219.87.17.3 port 0 sock type dgram protocol udp by /usr/sbin/sshd[sshd:19031]
uid/euid:0/0 gid/egid:0/0, parent /usr/sbin/sshd[sshd:4997] uid/euid:0/0
gid/egid:0/0"
Along with the
On Dec 29, 2007 1:37 PM, <[EMAIL PROTECTED]> wrote:
> it's needed for KEXEC or KDUMP, iirc.
Mmmmhhh... Do we really need that on a hardened system??
> check out the PaX patch alone (grsecurity.net/test.php)
OK, I'll have a look at it.
--
[EMAIL PROTECTED] mailing list
On 29 Dec 2007 at 14:21, Michel Arboi wrote:
> Since sys-kernel/hardened-sources was updated to 2.6.23, my kernels
> freezed on boot. The machine is headless, I needed some time to
> investigate and fix this. I stayed in 2.6.20 meanwhile. I finally had
> a look at it. I got a working 2.6.23 kernel
Since sys-kernel/hardened-sources was updated to 2.6.23, my kernels
freezed on boot. The machine is headless, I needed some time to
investigate and fix this. I stayed in 2.6.20 meanwhile. I finally had
a look at it. I got a working 2.6.23 kernel by removing the "Build a
relocatable kernel" option.
