| View previous topic :: View next topic |
| Author |
Message |
Goverp
Advocate
Joined: 07 Mar 2007
Posts: 2142
|
 Posted: Wed Oct 16, 2024 12:13 pm Post subject: make hardening.config |
 |
|
There's a relatively new (kernel 6.7) "hardening.config" "make" target for the kernel. I thought I'd try it. It clams to set various settings which provide more security without too heavy a performance overhead.
It's easy to use - in your kernel build directory (usually /usr/src/linux for vanilla Gentoo setups), and run
| Code: | | make hardening.config |
It keeps the rest of your configuration untouched.
It added a few more checks to my kernel - I disabled some I thought were overkill for my environment. I'll report back later if I notice any performance impact.
(Note that I use git sources from kernel.org rather than gentoo-sources; maybe the latter arleady include the hardened settings.)
_________________
Greybeard |
|
| Back to top |
|
 |
pietinger
Moderator
Joined: 17 Oct 2006
Posts: 4956
Location: Bavaria
|
|
| Back to top |
|
|
NeddySeagoon
Administrator
Joined: 05 Jul 2003
Posts: 54561
Location: 56N 3W
|
| Posted: Wed Oct 16, 2024 12:51 pm Post subject: |
|
|
Beaten by a short _ead.
gentoo-sources does include several preset knobs for hardening
You can use the groups or set them to your taste
_________________
Regards,
NeddySeagoon
Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail. |
|
| Back to top |
|
|
user
Apprentice
Joined: 08 Feb 2004
Posts: 211
|
| Posted: Wed Oct 16, 2024 1:57 pm Post subject: |
|
|
Hi,
package app-admin/kernel-hardening-checker is also helpful for searching through unstructured kernel config options regarding hardening items. |
|
| Back to top |
|
|
|
Kernel & Hardware
