Grsecurity - Miscellaneous Features

grsecurity also adds enhanced auditing to the Linux kernel. It can be configured to audit a specific group of users, mounting/unmounting of devices, changes to the system time and date, and chdir calls, amongst other things. Other audit options let the admin log denied resource attempts, failed fork attempts, IPC creation and removal, and exec calls with their arguments.

Trusted path execution is another optional feature that can be used to prevent users from executing binaries that are not owned by the root user, or are world-writable. This is useful to prevent users from executing their own malicious binaries or accidentally executing world-writable system binaries that could have been modified by a malicious user.
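The rule described above can also be applied as a user-space audit that reports which executables on a system would fail it. This is an added example, not grsecurity code: the kernel feature refuses the exec, while this script only reports, and the names `tpe_violations`, `audit_dirs` and `trusted_uid` are assumptions made for the illustration.

```python
import os
import stat


def tpe_violations(path, trusted_uid=0):
    """Return the reasons `path` fails the rule as stated on this page:
    the binary must be owned by root (trusted_uid) and not world-writable."""
    st = os.stat(path)  # follows symlinks: the target is what would execute
    reasons = []
    if st.st_uid != trusted_uid:
        reasons.append("not owned by trusted uid")
    if st.st_mode & stat.S_IWOTH:
        reasons.append("world-writable")
    return reasons


def audit_dirs(dirs, trusted_uid=0):
    """Map every executable regular file directly inside `dirs` to its violations."""
    findings = {}
    for d in dirs:
        try:
            entries = sorted(os.scandir(d), key=lambda e: e.name)
        except OSError:
            continue  # missing, empty or unreadable PATH entry
        for entry in entries:
            try:
                st = os.stat(entry.path)
            except OSError:
                continue  # dangling symlink or file removed mid-scan
            # Only regular files with at least one execute bit are candidates.
            if not stat.S_ISREG(st.st_mode) or not st.st_mode & 0o111:
                continue
            reasons = tpe_violations(entry.path, trusted_uid)
            if reasons:
                findings[entry.path] = reasons
    return findings


if __name__ == "__main__":
    # Audit every directory on the current PATH against uid 0 (root).
    path_dirs = os.environ.get("PATH", "").split(os.pathsep)
    for path, reasons in audit_dirs(path_dirs).items():
        print(f"{path}: {', '.join(reasons)}")
```
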

grsecurity also hardens the way chroot "jails" work. A chroot jail can be used to isolate a particular process from the rest of the system, which can be used to minimise the potential for damage should the service be compromised. There are ways to "break out" of a chroot jail, which grsecurity attempts to prevent.

There are also other features that increase security and prevent users from gaining unnecessary knowledge about the system, such as restricting the dmesg and netstat commands to the root user.

List of additional features and security improvements:

  • /proc restrictions that don't leak information about process owners
  • Symlink/hardlink restrictions to prevent /tmp races
  • FIFO restrictions
  • Dmesg(8) restriction
  • Enhanced implementation of Trusted Path Execution
  • GID-based socket restrictions
  • Nearly all options are sysctl-tunable, with a locking mechanism
  • All alerts and audits support a feature that logs the IP address of the attacker with the log
  • Stream connections across unix domain sockets carry the attacker's IP address with them (on 2.4 only)
  • Detection of local connections: copies attacker's IP address to the other task
  • Automatic deterrence of exploit brute-forcing
  • Low, Medium, High, and Custom security levels
  • Tunable flood-time and burst for logging
