GRSecurity Secure Kernel Configuration

Posted by LeadDogGraphicStudio, 03-19-2015, 02:47 PM
I have read many threads and articles on security, and many of them advise installing the GRSecurity kernel to mitigate many common threats and exploits; however, finding any recent articles on installing and configuring GRSecurity is near impossible. I am particularly looking for installation instructions for a server with cPanel / WHM, as I don't want to run into any compatibility issues or configurations that block access for cPanel functions. The cPanel documentation now recommends installing this kernel as a solution for the symlink race condition here; however, they do not give any info on going about that. I have also read in more than one thread that there is not much good information, as compiling a kernel for a server is not a task to be taken up by new server admins because it is quite complicated, but I don't think that is a great answer. If someone could please provide some instructions on configuring it, there are a few tutorials that will help with installing it. I started a thread a few years ago but was ultimately not able to get GRSecurity configured to work properly and had to abandon the effort.

Posted by zacharooni, 03-19-2015, 03:34 PM
Definitely recommended if your primary concern is security, but it does replace the kernel, and you'll have to work it into every kernel update. CloudLinux implements a few things from grsecurity, but not nearly as much though. I would recommend looking through the wikibooks as your first stop: https://en.wikibooks.org/wiki/Grsecurity

Posted by Julien@Hostabulous, 03-19-2015, 03:40 PM
Maybe you really need the GRSecurity kernel layer, but you should really give CloudLinux a try, especially for a cPanel/WHM setup (it's not free but so cheap..). There is a good thread on WHT from 2 years ago: http://www.webhostingtalk.com/showthread.php?t=1159191

Posted by zacharooni, 03-19-2015, 03:47 PM
There are also these old school threads:
https://www.webhostingtalk.com/showthread.php?t=489019
http://forums.steampowered.com/forum...d.php?t=486424
However, I would say definitely do your research before you begin your long journey to kernel compilation (especially with security patches, not to mention kernel versions nowadays have changed quite a bit). May it be filled with reboots of wondrous joy.
Some tips:
1) In grub, savedefault --default=0 --once
add 'panic=30' to the kernel line
2) http://kmuto.jp/debian/hcl/
You're welcome, and I'm sorry.

Posted by LeadDogGraphicStudio, 03-19-2015, 03:47 PM
I have thought about this route, but is it worth the cost for a single website running on a dedicated server? There are no other clients or sites.

Posted by Julien@Hostabulous, 03-19-2015, 03:51 PM
Well, if you need a really secure OS for 1 website you can even try Atomic Linux. But really CloudLinux + Atomic WAF + properly configured FW + malware scanning should be secure enough. It really depends on what you are trying to achieve. G'luck

Posted by LeadDogGraphicStudio, 03-19-2015, 04:17 PM
Yes, security is paramount. This is going to be a WordPress-based e-commerce website. I currently have both CSF and CSX installed and configured. The CSF is locked down pretty tight, only a few essential ports open, all others blocked. I am using the Comodo free WAF rules for mod_security. I'll look into CloudLinux, but which would be preferred if I was going a paid route? Is CloudLinux or Atomic a better choice?

Posted by spendergrsec, 03-19-2015, 06:04 PM
Hi LeadDogGraphicStudio, Please feel free to contact me at spender@grsecurity.net. Having grsecurity work as easily as possible with cPanel is very important to me and I'd like to work with you directly (for free) to answer any questions you have and work through any installation problems. I have something else in the works you can try out that should eliminate any concerns about the difficulty/annoyance of kernel compilation. Thanks, -Brad

Posted by LeadDogGraphicStudio, 03-23-2015, 09:51 AM
Hey Brad, Thanks for your help with the kernel compilation. As mentioned the process was quick and easy. Please let me know when it is ready for public release and I will be more than happy to write a review for it. Paul