1 files changed, 53 insertions, 0 deletions

diff --git a/core/hardening.html b/core/hardening.html
new file mode 100644
index 0000000..91cd8e9
--- /dev/null
+++ b/core/hardening.html
@@ -0,0 +1,53 @@
+<!DOCTYPE html>
+<html dir="ltr" lang="en">
+    <head>
+        <meta charset='utf-8'>
+        <title>2.2. Hardening</title>
+    </head>
+    <body>
+
+        <a href="index.html">Core OS Index</a>
+
+        <h1>2.2. Hardening</h1>
+
+        <p>Kernel in ports have upstream linux kernel and
+        grsecurity patch, it should break building some packages,
+        install follow tools;</p>
+
+        <pre>
+        $ sudo prt-get depinst gradm paxtest paxctld checksec lynis
+        </pre>
+
+        <p>Information about <a href="grsecurity.html">grsecurity</a> kernel
+        configuration, <a href="grsecurity.html#pax">pax</a> and
+        <a href="grsecurity.html#gradm">gradm</a>.</p>
+
+        <p>Lynis gives a view of system overall configuration, without changing
+        default profile it runs irrelevant tests. Create a lynis profile by
+        coping default one and run lynis;</p>
+
+        <pre>
+        $ sudo cp /etc/lynis/default.prf /etc/lynis/custom.prf
+        $ sudo lynis configure settings color=yes
+        $ sudo lynis show settings
+        $ sudo lynis show profile
+        </pre>
+
+        <pre>
+        $ lynis audit system > lynis_report
+        $ mv /tmp/lynis.log .
+        $ mv /tmp/lynis-report.dat .
+        </pre>
+
+        <p>Add unnecessary tests to profile to have less noise.</p>
+
+
+        <a href="index.html">Core OS Index</a>
+        <p>This is part of the c9 Manual.
+        Copyright (C) 2017
+        c9 team.
+        See the file <a href="../fdl-1.3-standalone.html">Gnu Free Documentation License</a>
+        for copying conditions.</p>
+
+    </body>
+</html>