path: root/core/hardening.html



<!DOCTYPE html>
<html dir="ltr" lang="en">
    <head>
        <meta charset='utf-8'>
        <title>2.2. Hardening</title>
    </head>
    <body>

        <a href="index.html">Core OS Index</a>

        <h1>2.2. Hardening</h1>

        <p>Kernel in ports have upstream linux kernel and
        grsecurity patch, it should break building some packages,
        install follow tools;</p>

        <pre>
        $ sudo prt-get depinst gradm paxtest paxctld checksec lynis
        </pre>

        <p>Information about <a href="grsecurity.html">grsecurity</a> kernel
        configuration, <a href="grsecurity.html#pax">pax</a> and
        <a href="grsecurity.html#gradm">gradm</a>.</p>

        <p>Lynis gives a view of system overall configuration, without changing
        default profile it runs irrelevant tests. Create a lynis profile by
        coping default one and run lynis;</p>

        <pre>
        $ sudo cp /etc/lynis/default.prf /etc/lynis/custom.prf
        $ sudo lynis configure settings color=yes
        $ sudo lynis show settings
        $ sudo lynis show profile
        </pre>

        <pre>
        $ lynis audit system > lynis_report
        $ mv /tmp/lynis.log .
        $ mv /tmp/lynis-report.dat .
        </pre>

        <p>Add unnecessary tests to profile to have less noise.</p>


        <a href="index.html">Core OS Index</a>
        <p>This is part of the c9 Manual.
        Copyright (C) 2017
        c9 team.
        See the file <a href="../fdl-1.3-standalone.html">Gnu Free Documentation License</a>
        for copying conditions.</p>

    </body>
</html>
<!DOCTYPE html>
<html dir="ltr" lang="en">
    <head>
        <meta charset='utf-8'>
        <title>2.2. Hardening</title>
    </head>
    <body>

        <a href="index.html">Core OS Index</a>

        <h1>2.2. Hardening</h1>

        <p>Kernel in ports have upstream linux kernel and
        grsecurity patch, it should break building some packages,
        install follow tools;</p>

        <pre>
        $ sudo prt-get depinst gradm paxtest paxctld checksec lynis
        </pre>

        <p>Information about <a href="grsecurity.html">grsecurity</a> kernel
        configuration, <a href="grsecurity.html#pax">pax</a> and
        <a href="grsecurity.html#gradm">gradm</a>.</p>

        <p>Lynis gives a view of system overall configuration, without changing
        default profile it runs irrelevant tests. Create a lynis profile by
        coping default one and run lynis;</p>

        <pre>
        $ sudo cp /etc/lynis/default.prf /etc/lynis/custom.prf
        $ sudo lynis configure settings color=yes
        $ sudo lynis show settings
        $ sudo lynis show profile
        </pre>

        <pre>
        $ lynis audit system > lynis_report
        $ mv /tmp/lynis.log .
        $ mv /tmp/lynis-report.dat .
        </pre>

        <p>Add unnecessary tests to profile to have less noise.</p>


        <a href="index.html">Core OS Index</a>
        <p>This is part of the c9 Manual.
        Copyright (C) 2017
        c9 team.
        See the file <a href="../fdl-1.3-standalone.html">Gnu Free Documentation License</a>
        for copying conditions.</p>

    </body>
</html>