Grsecurity es un enfoque innovador para la seguridad. Es un proyecto que ofrece varios parches al núcleo de Linux que mejoran la seguridad global de su sistema, utiliza: "multi-layered detection, prevention, and containment model". Es licenciado bajo GPL.
Web oficial del proyecto: www.grsecurity.org
Web oficial del proyecto: www.grsecurity.org
Algunas caracteristicas:
- An intelligent and robust Role-Based Access Control (RBAC) system that can generate least privilege policies for your entire system with no configuration
- Change root (chroot) hardening
- /tmp race prevention
- Extensive auditing
- Prevention of arbitrary code execution, regardless of the technique used (stack smashing, heap corruption, etc)
- Prevention of arbitrary code execution in the kernel
- Randomization of the stack, library, and heap bases
- Kernel stack base randomization
- Protection against exploitable null-pointer dereference bugs in the kernel
- Reduction of the risk of sensitive information being leaked by arbitrary-read kernel bugs
- A restriction that allows a user to only view his/her processes
- Security alerts and audits that contain the IP address of the person causing the alert
En el siguiente link se discuten en mas detalle las variadas características provistas por grsecurity.
Link relacionados
- Guía en español de Grsecurity v2 de Gentoo
- Securityfocus
No hay comentarios:
Publicar un comentario