I intentionally selected the subject similar to this one:
https://dev1galaxy.org/viewtopic.php?id=1128
that is I did exactly the same as described in the topic above.
in detail:
1) updated Devuan Jessie
https://talk.devuan.org/t/upgrading-dev … -ascii/363
2) installed openrc
https://dev1galaxy.org/viewtopic.php?id=1128
and removed services I don't need
3) installed eudev
https://dev1galaxy.org/viewtopic.php?id=1543
4) installed libre linux kernel from sources
http://linux-libre.fsfla.org/pub/linux-libre/releases/
compiled deb kernel streamlined for my hardware/virtualbox
With LXDE the system takes 216MB; with fluxbox or openbox this will take much less, of course.
When I was trying ceres a month ago, the system was freezing often. Now, after a few hours, ceres still behaves. To me this means that developers are working hard to get the new Devuan ready.
Offline
Similar setup in my machines (I use Air-Gap cloning, so it's kind of same system on master and clones, only built in Air-Gapped)
I intentionally selected the subject similar to this one:
https://dev1galaxy.org/viewtopic.php?id=1128
that is I did exactly the same as described in the topic above.
in detail:
1) updated Devuan Jessie
https://talk.devuan.org/t/upgrading-dev … -ascii/363
2) installed openrc
https://dev1galaxy.org/viewtopic.php?id=1128
and removed services I don't need
I was late on this one:
3) installed eudev
https://dev1galaxy.org/viewtopic.php?id=1543
I mean, I've deployed it on two of my systems only today (and a third system will be getting it via cloning).
But I have a question about this one:
4) installed libre linux kernel from sources
http://linux-libre.fsfla.org/pub/linux-libre/releases/
And the question is (no time to research on my own right now): can grsec-unoff be patched onto libre linux kernel... Umhh, no! I don't think... It gets patched on the LTS 4.9.x series from kernel.org... so, at least not directly, not without modifications...
compiled deb kernel streamlined for my hardware/virtualbox
I would have liked if I knew how to do that when I was trying to, months ago... But no time to research now. (But if you have quick links, I could return (at some unspecified time) later knowing where to start my research from.)
When I was trying ceres a month ago, the system was freezing often. Now, after a few hours, ceres still behaves. To me this means that developers are working hard to get the new Devuan ready.
Yep!
One useful note about eudev: exit Xorg before you install eudev. On two of my machines (with the same system, though, but one never sees online: the Air-Gapped master), upon installing eudev, Xorg froze. Nothing broke in the least, and the installation continued, just I wouldn't see it but in the logs later (having grsec's exec_logging and audit_chdir enabled, I was able to know upon reboot that it all went fine).
Devs/testers/users of FOSS, what might be ahead for GNU/Linux after we lost PaX Team and spender? spender wrote:
https://forums.grsecurity.net/viewtopic … 699#p17127
Google made the choice to engage in underhanded competition against us with our own code...
grsecurity ripoff by Google, w/ Linus approval https://lists.dyne.org/lurker/message/2 … 4b.en.html
Offline
To answer your question:
Since I am using Devuan in VM, I can't use grsec (only exception is VirtualBox for grsec customized by Alpine Linux). I gave up on grsec because of ended updates.
My kernels are small ~3.7MB vmlinuz and I don't use initrd.
If you are asking about compiling deb kernels, this is listed in the Debian handbook. My config file is really for VM. This in fact is the reason why libre kernel is working on the laptop:
libre disables all firmware including my Intel wireless, but in VM I set guest with virtual eth0 which is NATed to whatever connection host is making.
I did install eudev without exiting X. This is probably an advantage of a VM using the most common virtual hardware, which does not cause problems with the installed OS.
If you are looking for a good secure VM, try Qubes, but to take full advantage of Qubes you will have to have specific hardware. This is on the other hand quite risky considering the latest revelations about bugs in Intel ME. I have found one way to completely remove ME (BIOS free space will go up from 1MB to 5MB), but I did not try it yet.
Offline
When I was trying ceres a month ago, the system was freezing often. Now, after a few hours, ceres still behaves. To me this means that developers are working hard to get the new Devuan ready.
Just now seeing this. IIUC Devuan devs don't touch anything in ceres except for the automatic removal of some systemd pkgs.
Online
Also great to read from golinux!
To answer your question:
Since I am using Devuan in VM, I can't use grsec (only exception is VirtualBox for grsec customized by Alpine Linux). I gave up on grsec because of ended updates.
There's
kernel tried to execute NX-protected page - exploit attempt?
https://github.com/minipli/linux-unoffi … -348678535
Aahh..., I gave a particular subpage... But, never mind, read how good grsec-unoff is, all visitors! And it's all linked from there.
My kernels are small ~3.7MB vmlinuz and I don't use initrd.
If you are asking about compiling deb kernels, this is listed in the Debian handbook.
No, that's not what I asked, you can, if you don't take me wrong, pls. don't do, reread what I asked.
See also...
But I have to post this temporarily, incomplete, else I might lose it... attacked too often lately...
Continuing. Pls read those traces linked from above that almost undeniably indicate attempted intrusions and forgive my stuttered posting.
My config file is really for VM. This in fact is the reason why libre kernel is working on the laptop:
libre disables all firmware including my Intel wireless, but in VM I set guest with virtual eth0 which is NATed to whatever connection host is making.
I did install eudev without exiting X.
That note was for other future users of eudev
This is probably an advantage of a VM using the most common virtual hardware, which does not cause problems with the installed OS.
If you are looking for a good secure VM, try Qubes, but to take full advantage of Qubes you will have to have specific hardware. This is on the other hand quite risky considering the latest revelations about bugs in Intel ME.
The problem is Qubes, IIRC, can't be used without dbus, and I don't have dbus, and don't want to use it, don't trust it.... My Devuan is sans-dbus.
Else, I read about Qubes, I have their paxrat installed in my box.
I have found one way to completely remove ME (BIOS free space will go up from 1MB to 5MB), but I did not try it yet.
On my AMD64 it's PSP, not ME.
Regards!
Last edited by miroR (2017-12-02 09:12:30)
Offline
PSP is no better than ME, just not as widely used. You would have to either clean/remove PSP/ME or better get ARM (e.g. ASUS Chromebook C201).
Regarding distros: I would think that a security-dedicated distro, even with dbus, is better than home brew. This is of course my personal view.
Offline