grsecurity is a complete security system for Linux
2.4 and 2.6 that implements a
detection/prevention/containment strategy. It
prevents most forms of address space modification,
confines programs via its Role-Based Access
Control system, hardens syscalls, provides
full-featured auditing, and implements many of the
OpenBSD randomness features. It was written for
performance, ease-of-use, and security. The RBAC
system has an intelligent learning mode that can
generate least privilege policies for the entire
system with no configuration. All of grsecurity
supports a feature that logs the IP of the
attacker that causes an alert or audit.
Project Release infomations and Project Resources. Note that these informations are from this projects Freecode.com page and the downloads themselves may not be hosted with SourceForge.JP.
Fixes to PaX flag support in RBAC system. PaX updates for non-x86 architectures in 2.4.34 patch. A setpgid in chroot problem has been fixed. The randomized PIDs feature has been removed. This release fixes /proc usage in a chroot in 2.6 patch. It adds an admin role to generated policy from full learning. It resynchronizes the PaX code in the 2.4 patch. It has been updated to Linux 2.4.34 and 188.8.131.52.
Changes include RBAC system bugfixes and two new PaX features, one which deters physical memory forensics by an attacker, and another that prevents an entire class of kernel vulnerabilities from being exploited. Updated to the 2.4.33 and 184.108.40.206 Linux kernels.
Changes in this release include new PaX flag support in the RBAC system, interface support for RBAC network policies, additional gradm analysis, a sysctl variable for disabling the ability to load or unload kernel modules at runtime, PaX updates, and a fix for a serious RBAC bug where an admin role could be left on a restarted service if the admin exited his shell without unauthenticating from the role first.
This release for the 2.4.32-rc3 and 220.127.116.11 Linux kernels overhauls the
internals of the RBAC system, converting searching and storing of policy
information to chained hash tables. Several important bugs have been
fixed, and PaX has been updated for this release.