grsecurity forums

[timbgo]

Here I tried to give some help for new Debian users who would like to have their system protected with Grsecurity/Pax:

http://forums.debian.net/viewtopic.php? ... 6&p=516898

Grsecurity/Pax installation on Debian GNU/Linux

I hope it helps a few newbies.

Miroslav Rovis
Zagreb, Croatia
P.S. More coming from me these days, when I am well again. I am not now.

EDIT START
This is new:

"grsec: bruteforce prevention initiated due to crash"
https://forums.grsecurity.net/viewtopic.php?f=3&t=3841
and I have updated old posts with the appertaining photos:

"grsec: halting the system due to suspicious kernel crash"
https://forums.grsecurity.net/viewtopic.php?f=3&t=3709 sparsed in a few places

"grsec: halting the system... kernel crash, the Debian side"
https://forums.grsecurity.net/viewtopic.php?f=3&t=3712&p=13633#p13629

Thu Oct 31 12:05:15 UTC 2013
EDIT END

[timbgo]

Hot! For newbies using Debian!

I hope I haven't made typoes that introduce problems, but I do have to go to sleep, so I only wish to inform the interested public of the new installment, straight tips for installing Grsecurity/Pax on Debian (if amd64 arch, possibly, if no typoes I made, just use the commands, at your own rist):

http://forums.debian.net/viewtopic.php? ... 70#p519670

(once of course, you download all that you need, surely you may need to read around there a little...)

Miroslav Rovis
Zagreb, Croatia
P.S. It is (was, if you're reading this later) hot because the grsecurity was just posted on the Grsecurity's download page.

[timbgo]

I regard Debian GNU Linux important and not hopeless.
It is however ruined with SELinux that its leaders have followed faithfully in recent years, and there is somewhere, I suspect if I may, dishonesty and treason. Treason of the users and of the ideal of GNU and freedom.
Because Grsecurity is effectively banned from Debian, and it's been so for years.
I can't take the sight of that truth without my interior revulsing...
The problem is the, I suspect if I may, censorship, and a very subtle one, that is taking place in the media machine as much as marketing throgh repositories and forums, if I manage to express my meaning here... through the offer to users, offer of products for their Debian to install, offer-marketing of their Debian, on the whole, with the spy-security of SELinux as base...
I hope I expressed myself crearly enough.
You, the user of Debian GNU Linux who are reading these lines, to you I address my warm recommendations here.
Think a little more deeply about the issues above!
Don't just discard my points!
Help me break these very subtle censorship barriers!
A more difficult thought/concept to express here follows on whether or not it is censorship in question here...
It's very very similar to what Google does with Youtube videos, as when the regime in power and the regime that calls the shots for a particular video uploder-user (such as I have noticed on sooo many videos I uploaded, I am user miroR2 on Youtube, but I don't want to clutter here with non-grsecurity related links)...
As the regime/company/other entity pays or gives favors in return to get, as that entity asks of Google, they get it: the video in question is very subtly censored. It very very sufficient so often to just keep the views down.
Never mind that hundreds viewed a video in mere hours, the views are still mere, say twenty or thirty and grow slooowly...
Or... the video is simply not shown... Never mind hundreds subscribe to a particular video channel, if a video is not liked by a company's CEO or some regime's minister, it is not sent the link to all, but just a few of the subscribed, those that the "owner" of the channel, the uploder of the video, is,. say, expected to be in touch...
The same there, on Debian forums.
That's what I suspect could be happenning...
In what exact ways, I have no more time to investigate...
And not even time to explain further how I got to this suspicion of mine.
Pls. have a look at the links, and, pls. don't keep them to yourself!
Help me break this censorship!
I'm giving the links to the very last posts of mine on three different topics, and I will check on the correctness of what I am posting here, there will be no dead links at the time that I am posting this, no!
http://forums.debian.net/viewtopic.php? ... 16#p519670
http://forums.debian.net/viewtopic.php? ... 20#p519765
http://forums.debian.net/viewtopic.php? ... 15#p519885
Miroslav Rovis,
Zagreb, Croatia
This post will be edited shortly, just to post the sha256 sums of the screencast/traffic capture files taken while posting this very post.

EDIT as promised
:526e77992a51268d0f92220613bdf9fbad193a1f1551f8b960c2331cbda67482 dump_131124_204221_naibd7.pcapng
fd933fa45b38981b921072f0c93ab4baf2c5e7fb77089ce995bf10f25ed436f2 Screen_131124_2042_naibd7.mkv
EDIT end

And with that I'll be out of the time, in this round of my contributions, that I can dedicate to Grsecurity/Pax, the programs that I regard are the ones that can save the GNU Linux.
Spender and Pax Team, pls keep up the spite to work to show the world that GNU Linux can be secure!

[timbgo]

Tue Jan 7 03:45:29 UTC 2014
Since the Debian Forums is currently either sluggish or inaccessible (that's what happens when you apply spyware in your programs, of sourse I mean SELinux, and I'd like to remind the clever Debian leaders how they scoffed at Spender when he, humble person as he is, gently asked whether they would implement Grsecurity in Debian... No, I'm not relishing in your defeats, they are mine too, I need Debian... But mend your ways, it's not too late, brothers! Debian shone in the stars and you brought it in the mud with your haughtiness and brutal stubborness against things good!)...
Debian Forums is down, and somebody check and report, pls.,because it could also be that they are blocking me, could only be so theoretically because I'm browsing with Tor, but still, somebody check and report, pls.
Try and open:
http://forums.debian.net/viewtopic.php? ... 15#p519885
or anything else on http://forums.debian.net/

But I was trying to say, since Debian Forums is down, and if it remains so for a few more hours,,I'll post here what I meant for there, but in a separate post, marking it on top why...
Miroslav Rovis
Zagreb, Croatia
www.CroatiaFidelis.hr
P.S. Just before posting this, Debian Forums is back, functioning.
So I can give new links here:
http://forums.debian.net/viewtopic.php? ... 16#p525161
Work in progress.

[timbgo]

Just posted, for last night's Grsec:
http://forums.debian.net/viewtopic.php? ... 14#p525714
Miroslav Rovis
Zagreb, Croatia
www.CroatiaFidelis.hr

[timbgo]

Debian users, I plan explanations, more in detail, here:
http://forums.debian.net/viewtopic.php?f=16&t=108616
the latest just posted is this post:
http://forums.debian.net/viewtopic.php? ... 54#p526554
but here are the packages that I installed and

############# use at your own risk ###############
I guarantie nothing at all, but it works for me
#################################################

you could venture and try these out:
http://www.croatiafidelis.hr/gnu/deb/src-3.12.8-grsec/
Pls. report here the Grsecurity specific issues that you might encounter with my packages.
Miroslav Rovis
Zagreb, Croatia,
www.CroatiaFidelis.hr

[timbgo]

I've updated the tips:

http://forums.debian.net/viewtopic.php? ... 57#p530798

http://forums.debian.net/viewtopic.php? ... 57#p530857

Miroslav Rovis
Zagreb, Croatia
www.CroatiaFidelis.hr

[timbgo]

Here are the packages:
EDIT start:
I just gave this page a much better look and lots more explaning:
http://croatiafidelis.hr/gnu/deb/linux- ... sec140219/
Thu Feb 20 02:40:16 GMT 2014
Skim fast through the rest of this post, not really needed, rather read the above page, it's more complete!
EDIT end
Since only one is hefty...
...
...it is only this one that is some 330MB:
linux-image-3.13.3-grsec140219-03-dbg_3.13.3-grsec140219-03-1_amd64.deb

Pls. let me know if verification fails. If that happen to be the case, post on:
http://forums.debian.net/viewtopic.php? ... 74#p530874
or here
A.S.A.P.

Miroslav Rovis
Zagreb, Croatia
http://www.CroatiaFidelis.hr

[timbgo]

I am glad I do support good causes and do the right things, hopefully, well at least occasionally
So here is more:
http://forums.debian.net/viewtopic.php? ... 72#p533872
Pls., people, it's not about anyone seeking fame or notoriety let alone any base interests.
It's about us, about freedom which there is none without privacy, and no privacy there is without security, and the Greater Security is here!
There the link above is for the newest script that a daring newbie could follow, and successfully, to install a shiny better kernel than the stock Debian kernel that she or he already has, at least I hope that the script could work for even many an avarage user of Debian AMD64 arch (or modified also for other arches).
Enjoy!
Miroslav Rovis
Zagreb, Croatia
http://www.CroatiaFidelis.hr

[timbgo]

There are packages that, surely at user's own risk, can be downloaded and install.

Only amd64 arch:
http://www.croatiafidelis.hr/gnu/deb/li ... c-current/

I've just explained it here:
http://forums.debian.net/viewtopic.php? ... 73#p533973

Miroslav Rovis,
Zagreb, Croatia,
http://www.CroatiaFidelis.hr

[timbgo]

There are packages that, surely at user's own risk, can be downloaded and install.

Only amd64 arch:
http://www.croatiafidelis.hr/gnu/deb/li ... c-current/

That is the page where I plan to keep always the latest packages.
Today I just uploaded (at speed of around 50KB/s, thank you Iskon (my provider in Croatia; I pay for multiple times that speed...)), the Grsec patched kernel 3.13.9 packages.
I understood it is better than to wait for Grsec for 3.14 because 3.14 is not really stable...
These install fine and on master machine and two clones I tested them.

I still can't promise to compile and post these packages regularly even in these intervals of around one month time; because there are oo many non-related hardhips and risks in my life.

Any sensible feedback very welcome!

Miroslav Rovis,
Zagreb, Croatia,
http://www.CroatiaFidelis.hr

[timbgo]

The latest work of mine to allow non-expert to use Grsecurity on Debian systems is here in packages:

http://croatiafidelis.hr/gnu/deb/linux- ... c-current/

while in script I decided to publish it on:

https://github.com/miroR/grsec-deb-compile

and Debian-wise all the talk is here:

Grsecurity/Pax installation on Debian GNU/Linux
http://forums.debian.net/viewtopic.php? ... 10#p541410

Pls. note that what I deploy there is not, and certainly I do not regard it as such, any innovation or real contribution.

No! It's just, and I do regard it as such, a best-effort help for newbies!

Thanks for the interest,
Miroslav Rovis
http://www.CroatiaFidelis.hr

[careta]

hi timbgo,

any reason why you are not using make-kpkg? It is the recommended way to create custom kernel packages in Debian - see https://www.debian.org/releases/stable/ ... 06.html.en. I do that myself for all grsec kernels I build and works like a charm.

Regards,
careta

[timbgo]

hi timbgo,

any reason why you are not using make-kpkg? It is the recommended way to create custom kernel packages in Debian - see https://www.debian.org/releases/stable/ ... 06.html.en. I do that myself for all grsec kernels I build and works like a charm.

Regards,
careta

Hi careta,
I referred to docs on wikibooks and dpkg is recommended there:
Grsecurity/Configuring and Installing grsecurity
https://en.wikibooks.org/wiki/Grsecurit ... grsecurity
no kpkg there,
"Ctrl+F dpkg" There!

The "dpkg -i *.deb" works faultlessly.
But,careta, this question is for the Debian Forums side of the story, not for here.
Miroslav Rovis
(sorry for having lost my identity with stupid "timbgo". It was because I toyed some with anonimity, Tor and things)
www.CroatiaFidelis.hr

[timbgo]

Changes... Issues...

Unfortunately, I can't find some two or three hours to upload the new packages that I did for myself, with the
20140425 Grsec, but the instructions are here:
Grsecurity/Pax installation on Debian GNU/Linux
http://forums.debian.net/viewtopic.php? ... 06#p541906
as well as my loud talk on what I suspect happened, why the previous Grsec had issues.
Pls. read there.

Miroslav Rovis
http://www.CroatiaFidelis.hr