Grsecurity - Miscellaneous Features

Miscellaneous Features

grsecurity also adds enhanced auditing to the Linux kernel. It can be configured to audit a specific group of users, mounting/unmounting of devices, changes to the system time and date, and chdir logging, amongst other things. Some of these other audits allow the admin to also log denied resource attempts, failed fork attempts, IPC creation and removal, and Exec logging with arguments.

Trusted path execution is another optional feature that can be used to prevent users from executing binaries that are not owned by the root user, or are world-writable. This is useful to prevent users from executing their own malicious binaries or accidentally executing world-writable system binaries that could have been modified by a malicious user.

grsecurity also hardens the way chroot "jails" work. A chroot jail can be used to isolate a particular process from the rest of the system, which can be used to minimise the potential for damage should the service be compromised. There are ways to "break out" of a chroot jail, which grsecurity attempts to prevent.

There are also other features that increase security and prevent users from gaining unnecessary knowledge about the system, such as restricting the dmesg and netstat commands to the root user.

List of additional features and security improvements:

  • /proc restrictions that don't leak information about process owners
  • Symlink/hardlink restrictions to prevent /tmp races
  • FIFO restrictions
  • Dmesg(8) restriction
  • Enhanced implementation of Trusted Path Execution
  • GID-based socket restrictions
  • Nearly all options are sysctl-tunable, with a locking mechanism
  • All alerts and audits support a feature that logs the IP address of the attacker with the log
  • Stream connections across unix domain sockets carry the attacker's IP address with them (on 2.4 only)
  • Detection of local connections: copies attacker's IP address to the other task
  • Automatic deterrence of exploit brute-forcing
  • Low, Medium, High, and Custom security levels
  • Tunable flood-time and burst for logging

Read more about this topic:  Grsecurity

Famous quotes containing the word features:

    “It looks as if
    Some pallid thing had squashed its features flat
    And its eyes shut with overeagerness
    To see what people found so interesting
    In one another, and had gone to sleep
    Of its own stupid lack of understanding,
    Or broken its white neck of mushroom stuff
    Short off, and died against the windowpane.”
    Robert Frost (1874–1963)