Grsecurity TPE how-to

From FiberWiki


Creating Group

We will use a group called untrust.

groupadd untrust

Let's find the GID for this group:

nano /etc/group
Ctrl+w then type "untrust"
untrust:x:500: <- Example Line!
Copy the number in the third field (500 in this example); that is the GID

Let's go work on the kernel settings:

cd /usr/src/linux
make menuconfig
Select "Security Options"
Select "Grsecurity"
Select "Executable Protections"
Select "Trusted Path Execution (TPE) (NEW)"
Select "GID for untrusted users"
Enter the GID you copied from /etc/group
Exit out of the menuconfig and save settings

Now let's compile the kernel:

make bzImage && make modules && make modules_install && make install

Done!
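
A pre-build check for the steps above, added here as an example and not part of the original how-to: it reads the GID of untrust without opening an editor and confirms that the saved .config has TPE enabled with that same GID, so a mistyped value is caught before the long compile. The symbol names CONFIG_GRKERNSEC_TPE and CONFIG_GRKERNSEC_TPE_GID (or CONFIG_GRKERNSEC_TPE_UNTRUSTED_GID) are assumptions that depend on the grsecurity patch version; check your own .config for the exact names.

```shell
#!/bin/sh
# Added example: verify the TPE settings before compiling the kernel.

# Print the GID (third colon-separated field) of a group.
# $1 = group name, $2 = group file (defaults to /etc/group)
# Exits non-zero if the group does not exist.
gid_of_group() {
    awk -F: -v g="$1" '
        $1 == g { print $3; found = 1; exit }
        END     { if (!found) exit 1 }
    ' "${2:-/etc/group}"
}

# Check a kernel .config for TPE with the expected untrusted GID.
# $1 = path to .config, $2 = expected GID
# Returns 0 if TPE is on and the GID matches,
#         1 if TPE is not enabled,
#         2 if the GID is missing, different, or not numeric.
# Assumption: symbol names as listed in the lead-in; they vary by patch version.
check_tpe_config() {
    case "$2" in
        ''|*[!0-9]*) return 2 ;;
    esac
    grep -q '^CONFIG_GRKERNSEC_TPE=y$' "$1" || return 1
    grep -Eq "^CONFIG_GRKERNSEC_TPE(_UNTRUSTED)?_GID=$2\$" "$1" || return 2
    return 0
}

# When called with a .config path, run the check for the group "untrust":
#   sh check_tpe.sh /usr/src/linux/.config
if [ "$#" -ge 1 ]; then
    gid=$(gid_of_group untrust) || { echo "group untrust not found" >&2; exit 1; }
    if check_tpe_config "$1" "$gid"; then
        echo "TPE enabled, untrusted GID $gid"
    else
        echo "TPE not enabled or GID mismatch in $1 (expected $gid)" >&2
        exit 1
    fi
fi
```

Run it after saving the menuconfig settings and before the make commands.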
