Top Posts Tagged with #grsec

Last ESK 3.14.51 Released

Today i am releasing last ESK kernel due to the changes that recently was done by grsecurity and PAX team. It is build upon latest publicly available patch for kernel 3.14.51 (no longer available for download). You can grab binary builds here:

- ESK 3.14.51-pv(GPGsignature) sha256: b62d82b3056fa49c0219c2dd345d24966ce21957c5744722522ec0c0f4944efa

- ESK 3.14.51-hvm(GPGsignature) sha256: 388c43175bdb6c6d3a9edfac480c68a6e48dcbfd944d9280f5ccb9e57ca1a60a

Both builds are compiled using GCC5.2 and are optimized for Ivy Bridge processors (minimum required: E5-2670 v2).

#esk #grsec #grsecurity #aws #ec2 #debian #ubuntu

•18+ Adults Only

Watch Anya Live on Cam

Anya is live and ready to show you everything. Watch her strip, dance, and perform exclusive shows just for you. Interact in real-time and make your fantasies come true.

✓ Live Streaming✓ Interactive Chat✓ Private Shows✓ HD Quality

Anya is LIVE right now

FREE

Free to watch • No registration required • HD streaming

note me #2

mempo (deb) : https://wiki.debian.org/Mempo/ https://github.com/mempo/mempo-kernel tails: https://tails.boum.org/

parrot sec os: http://www.parrotsec.org/

kali https://www.kali.org/

grsec: https://grsecurity.net/ https://www.proteansec.com/linux/running-virtualboxvmware-hardened-gentoo/

#mempo #kali #tails #parrotsec #grsec #linux #debian

ESK 3.14.39 for HVM and PV Released (u)

Update: I have prepared new builds (#2) with GCC 4.9 which implies use of -fstack-protector-strong for better buffer overflow protection.

New release of ESK is available for both PV and HVM virtualisation:

- ESK 3.14.39-pv2(GPG signature) sha256:bfe1da235931506a5a9f35d00d382d77eb61a39a6762822bf5cd5f0845a01b64

- ESK 3.14.39-hvm2(GPG signature) sha256:b8aa3b48e55156a3ed85f53f332e74b782d51ed4c0ac1609b442491584c93448

Among standard updates from vanilla kernel and grsecurity, in this release I have enabled support for Brtfs.

#esk #grsecurity #grsec #kernel #debian #ubuntu #ec2 #aws #security #hvm #custom kernel

Updating plans available too, to ensure you stay with the latest code over time. Test driving the single, 'no update', package thanks to a free coupon from spender.

#linux #store #test #grsec #grsecurity #spender #kernel #harden #blackhat #infosec #security #nix #posix

New build of ESK for 3.2.60 and ESK 3.14.11 released

New build for kernel line 3.2.60 has been released. Also new stable ESK kernel for 3.14.11 is available. Download new builds here:

- ESK 3.2.60

- ESK 3.14.11

ESK is tested with Debian and Ubuntu. If you find bugs or you want contribute please ask me on tumblr or follow me on twitter. For detailed changelog regarding grsec builds please see here and here.

#esk #grsec #grsecurity #kernel #ec2 #aws #debian

•18+ Adults Only

Watch Anya Live on Cam

Anya is live and ready to show you everything. Watch her strip, dance, and perform exclusive shows just for you. Interact in real-time and make your fantasies come true.

✓ Live Streaming✓ Interactive Chat✓ Private Shows✓ HD Quality

Anya is LIVE right now

FREE

Free to watch • No registration required • HD streaming

ESK 3.2.59-1 and ESK 3.14.5-1 released

I have just released new builds of ESK kernels with latest grsecurity patch. New release includes fix for recently announced critical vulnerability in futex, see CVE-2014-3153. Download ESK 3.2.59-1 here.

In addition i have also prepared test build of kernel 3.14.5. From my personal tests it seems 3.14.5 is slightly faster then 3.2.x. Difference range from few percent up to 30%(?). This is only approximation as i did not check them precisely. If you want to play with it download ESK 3.14.5-1.

Compatibility reminder: ESK is tested with Debian and Ubuntu releases. Other distributions are not tested. If you want to include your changes to improve ESK please let me know.

#esk #grsec #grsecu #kernel #debian

Enhanced Security Debian AMI with grsecurity for ec2 available on AWS

I have released AMI (Amazon Machine Images) with ESK kernel and system security enhancements to the AWS community portal. AMI is based on Debian 7.5 bootstrap - minimal installation. Only additional packages installed are that required for kernel compilation. I will refer to it as ES-Debian for short name.

Here are highlights of the AMI:

name: debian-7.5-amd64-grsec-enhanced-security available in 2 regions: us-east-1 (ami-64dc300c) and eu-west-1 (ami-818747f6)

kernel: latest 3.2.58 ESK

gradm 3.0

paxctl 0.8

umask 027

special groups: untrusted, readproc, symlinkrestr

TPE enabled

build script for getting and compiling new kernel and grsecurity patch (warning: dirty scripting), see in /usr/src/

sudo: only users in group admin can authenticate

some overall system tweaks for performance in sysctl.conf

It looks like this is only AMI available with grsecurity support. This seems to be perfect choice for anyone considered in security, especially developers writing code in languages like ruby. It prevents a whole range of zero-day exploits and together with TPE and RBAC enhances greatly security of your server.

Thanks goes to ProcessOne for hosting AMI.

Note: for TPE remember to add restricted user to group untrusted, for enabling RBAC read gradm guidelines.

#esk #kernel #grsecurity #grsec #security #aws #ec2 #esdebian

CPU topology not detected when using grsec (or ESK) kernel

You may run into a problem when using grsecurity or ESK kernel together with erlang. Seems like grsec prevents erlang runtime from properly detect CPU topology when running as unprivileged user :

1> erlang:system_info(cpu_topology). undefined

there is simple solution to this problem, you need to define topology by hand using +sct flag. For 2 core machine it's like:

erl +sct L0-1c0-1

and now you can bind schedulers (+sbt) to cores:

erl +sct L0-1c0-1 +sbt s

It is unclear if grsec actually breaks erlang vm, as erlang:system_info(schedulers). show properly number of schedulers in the system, but better to define it by hand so that +sbt flag can work as expected.

#grsecurity #erlang #esk #kernel #grsec

Last ESK 3.14.51 Released

- ESK 3.14.51-pv(GPGsignature) sha256: b62d82b3056fa49c0219c2dd345d24966ce21957c5744722522ec0c0f4944efa

- ESK 3.14.51-hvm(GPGsignature) sha256: 388c43175bdb6c6d3a9edfac480c68a6e48dcbfd944d9280f5ccb9e57ca1a60a

Both builds are compiled using GCC5.2 and are optimized for Ivy Bridge processors (minimum required: E5-2670 v2).

#esk #grsec #grsecurity #aws #ec2 #debian #ubuntu

•18+ Adults Only

Watch Anya Live on Cam

Anya is live and ready to show you everything. Watch her strip, dance, and perform exclusive shows just for you. Interact in real-time and make your fantasies come true.

✓ Live Streaming✓ Interactive Chat✓ Private Shows✓ HD Quality

Anya is LIVE right now

FREE

Free to watch • No registration required • HD streaming

note me #2

mempo (deb) : https://wiki.debian.org/Mempo/ https://github.com/mempo/mempo-kernel tails: https://tails.boum.org/

parrot sec os: http://www.parrotsec.org/

kali https://www.kali.org/

grsec: https://grsecurity.net/ https://www.proteansec.com/linux/running-virtualboxvmware-hardened-gentoo/

#mempo #kali #tails #parrotsec #grsec #linux #debian

ESK 3.14.39 for HVM and PV Released (u)

Update: I have prepared new builds (#2) with GCC 4.9 which implies use of -fstack-protector-strong for better buffer overflow protection.

New release of ESK is available for both PV and HVM virtualisation:

- ESK 3.14.39-pv2(GPG signature) sha256:bfe1da235931506a5a9f35d00d382d77eb61a39a6762822bf5cd5f0845a01b64

- ESK 3.14.39-hvm2(GPG signature) sha256:b8aa3b48e55156a3ed85f53f332e74b782d51ed4c0ac1609b442491584c93448

Among standard updates from vanilla kernel and grsecurity, in this release I have enabled support for Brtfs.

#esk #grsecurity #grsec #kernel #debian #ubuntu #ec2 #aws #security #hvm #custom kernel

Updating plans available too, to ensure you stay with the latest code over time. Test driving the single, 'no update', package thanks to a free coupon from spender.

#linux #store #test #grsec #grsecurity #spender #kernel #harden #blackhat #infosec #security #nix #posix

New build of ESK for 3.2.60 and ESK 3.14.11 released

New build for kernel line 3.2.60 has been released. Also new stable ESK kernel for 3.14.11 is available. Download new builds here:

- ESK 3.2.60

- ESK 3.14.11

ESK is tested with Debian and Ubuntu. If you find bugs or you want contribute please ask me on tumblr or follow me on twitter. For detailed changelog regarding grsec builds please see here and here.

#esk #grsec #grsecurity #kernel #ec2 #aws #debian

•18+ Adults Only

Watch Anya Live on Cam

Anya is live and ready to show you everything. Watch her strip, dance, and perform exclusive shows just for you. Interact in real-time and make your fantasies come true.

✓ Live Streaming✓ Interactive Chat✓ Private Shows✓ HD Quality

Anya is LIVE right now

FREE

Free to watch • No registration required • HD streaming

ESK 3.2.59-1 and ESK 3.14.5-1 released

Compatibility reminder: ESK is tested with Debian and Ubuntu releases. Other distributions are not tested. If you want to include your changes to improve ESK please let me know.

#esk #grsec #grsecu #kernel #debian

Enhanced Security Debian AMI with grsecurity for ec2 available on AWS

Here are highlights of the AMI:

name: debian-7.5-amd64-grsec-enhanced-security available in 2 regions: us-east-1 (ami-64dc300c) and eu-west-1 (ami-818747f6)

kernel: latest 3.2.58 ESK

gradm 3.0

paxctl 0.8

umask 027

special groups: untrusted, readproc, symlinkrestr

TPE enabled

build script for getting and compiling new kernel and grsecurity patch (warning: dirty scripting), see in /usr/src/

sudo: only users in group admin can authenticate

some overall system tweaks for performance in sysctl.conf

Thanks goes to ProcessOne for hosting AMI.

Note: for TPE remember to add restricted user to group untrusted, for enabling RBAC read gradm guidelines.

#esk #kernel #grsecurity #grsec #security #aws #ec2 #esdebian

CPU topology not detected when using grsec (or ESK) kernel

You may run into a problem when using grsecurity or ESK kernel together with erlang. Seems like grsec prevents erlang runtime from properly detect CPU topology when running as unprivileged user :

1> erlang:system_info(cpu_topology). undefined

there is simple solution to this problem, you need to define topology by hand using +sct flag. For 2 core machine it's like:

erl +sct L0-1c0-1

and now you can bind schedulers (+sbt) to cores:

erl +sct L0-1c0-1 +sbt s

#grsecurity #erlang #esk #kernel #grsec

Trending Tags

Last Seen Tags

#grsec

Trending Tags

Last Seen Tags

#grsec