Gentoo Hardening: Part 4: PaX, RBAC and ClamAV
Grsecurity and Xorg If we enable the "Disable privileged I/O" feature in the hardened kernel and reboot, we can't start the X server. That's because Xorg uses privileged I/O operations. We might receive an error like this: # startx xf86EnableIOPorts: failed to set IOPL for I/O (Operation ...
Gentoo Hardening: Part 3: Using Checksec
Checksec The checksec.sh file is a Bash script used to verify which PaX security features are enabled. The latest version can be downloaded with the wget command: # wget http://www.trapkit.de/tools/checksec.sh # chmod +x checksec.sh # ./checksec.sh --version checksec v1.5, Tobias Klein, www.trapkit ...
Gentoo Hardening: Part 2: Introduction to PaX and Grsecurity
Configuring PaX with Grsecurity We've already briefly discussed PaX, but now it's time to describe it in detail. PaX provides the following security enhancements: Non-executable memory: Sections that do not contain actual program code are marked as non-executable to prevent jumping to an arbitrary location in memory and executing ...
Gentoo Hardening Part 1: Introduction to Hardened Profile
Introduction In this tutorial, we'll talk about how to harden a Linux system to make it more secure. We'll specifically use Gentoo Linux, but the concepts should be fairly similar in other distributions as well. Since Gentoo Linux is a source distribution (not binary, as most other ...