On Saturday, 23 December 2017 17:46:20 GMT Michael Orlitzky wrote: > On 12/23/2017 09:09 AM, Peter Humphrey wrote: > > Hello list, > > > > Now that grsecurity is off-limits, I'm left wondering how to go about > > hardening a no-multilib box that will be exposed to the Big Bad World. > > You can still use grsec/pax if you're willing to stick with an older > (LTS) kernel: > > https://github.com/minipli/linux-unofficial_grsec/tree/linux-4.9.x-unoffic > ial_grsec
Oh, that's good - thanks Michael. > > To start with, it's not obvious which profile to use: > > > > $ eselect profile list | grep no-multi | grep hardened > > > > [23] default/linux/amd64/17.0/no-multilib/hardened > > [24] default/linux/amd64/17.0/no-multilib/hardened/selinux > > One of those two, depending on whether or not you use SELinux. Thanks again for the advice. -- Regards, Peter.