Debian now has proper Grsecurity support

Discussion in 'all things UNIX' started by Amanda, Jan 26, 2016.

  1. kinder2

    kinder2 Registered Member

    Joined: Aug 17, 2015
    Posts: 51

    I did not install any driver.

    I am sure Debian developers screwed up. As an example, look at what this Corsac man says on his webpage at https://www.corsac.net/index.php?rub=blog :

    "So if you have a Jessie install with backports enabled, linux-grsec should be one apt call away:
    apt install -t jessie-backports linux-image-grsec-amd64"

    It is a lie, this command does not install grsec. He fails to say we need to add the other grsec packages, paxctl exceptions, lightdm exceptions. I hate it, he makes people lose time and give up on trying to install this grsec.

    You showed a video which is better than this Corsac. But the video shows a complex install, not as simple as you lead others to believe at the start.

    Arch is too hard to learn; Debian is similar to Ubuntu and Mint, which I have used some.
     
  2. Amanda

    Amanda Registered Member

    Joined: Aug 8, 2013
    Posts: 2,115
    Location: Brasil

    You clearly failed to realize that those are NOT his packages ;) He's not lying. His package IS "an apt away". It's not his job to hold your hand and tell you everything you must do, that is YOUR job.

    And how is that? I simply opened Synaptic and installed the package, then added 2 or 3 commands. That works for 99.9% of people. You're the only one I saw having problems with Grsec on Debian.

    I thought so too, and believe me: it's not :p It may seem like a 7-headed monster when you first read the wiki page on how to install Arch, but after you've done it a few times with the help of YouTube you'll realize it's actually pretty easy.

    Maintaining an Arch install running is way easier than maintaining an Ubuntu or Debian install.
     
  3. AutoCascade

    AutoCascade Registered Member

    Joined: Feb 16, 2014
    Posts: 741
    Location: United States

    You can try the Debian script that installs a Grsec kernel. You just need to pick your options from the graphical menu and it does the rest. I've used it on Mint but it was designed for Debian.

    https://github.com/rickard2/grsecurity-Debian-Installer

    http://www.insanitybit.com/2012/05/...-secure-linux-kernel-with-pax-and-grsecurity/
     
  4. meski

    meski Registered Member

    Joined: Sep 16, 2016
    Posts: 1
    Location: DE

    Hello,

    the kernel in jessie-backports runs very smoothly on my Jessie installation - it was my first successful attempt at using grsec.

    Now there are just a few more things I'd like to understand:

    Code:
    grsec: denied resource overstep by requesting 28 for RLIMIT_NICE against limit 0 for /usr/lib/chromium/chromium[exe:2184] uid/euid:1000/1000 gid/egid:1000/1000, parent /usr/lib/chromium/chromium[Chrome_ProcessL:1849] uid/euid:1000/1000 gid/egid:1000/1000
    grsec: denied use of ioperm() by /usr/bin/Xorg[Xorg:876] uid/euid:0/0 gid/egid:0/0, parent /usr/bin/kdm[kdm:874] uid/euid:0/0 gid/egid:0/0
    systemd[1199]: Failed to read /proc/cmdline. Ignoring: Permission denied
    The RLIMIT_NICE issue can come up on quite a few binaries - it seems they try to renice their task to higher values than grsec allows them to. I tried to work around it by adding new limits to renice in limits.conf like so:

    Code:
    /etc/security/limits.d/grsec.conf
    *       -   nice        -20
    
    After that tweak the denies no longer appear. I assume the problem is solved, or is there a better way to do this?

    The Xorg error is a mystery - Xserver runs fine, it just takes a bit longer to start (black screen for an additional second).

    What is systemd trying to do with /proc/cmdline?

    Other than that it runs fine, paxtest blackhat shows no vulnerabilities.

    Thanks for the grsec support in jessie!
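
    Added example, not part of the original post: a small Python parser for the grsec denial lines quoted above, which also decodes what the RLIMIT_NICE request means. It assumes the "requesting N" figure is the raw RLIMIT_NICE value, so per getrlimit(2) the nice value asked for is 20 - N; the function names are illustrative.

```python
import re
from collections import defaultdict

# Log lines as quoted in the post above (the third is systemd's, not grsec's).
SAMPLE_LOG = """\
grsec: denied resource overstep by requesting 28 for RLIMIT_NICE against limit 0 for /usr/lib/chromium/chromium[exe:2184] uid/euid:1000/1000 gid/egid:1000/1000, parent /usr/lib/chromium/chromium[Chrome_ProcessL:1849] uid/euid:1000/1000 gid/egid:1000/1000
grsec: denied use of ioperm() by /usr/bin/Xorg[Xorg:876] uid/euid:0/0 gid/egid:0/0, parent /usr/bin/kdm[kdm:874] uid/euid:0/0 gid/egid:0/0
systemd[1199]: Failed to read /proc/cmdline. Ignoring: Permission denied
"""

# Subject of a denial: /path/to/exe[comm:pid] uid/euid:U/E
SUBJECT = r"(?P<exe>\S+?)\[(?P<comm>[^:\]]+):(?P<pid>\d+)\] uid/euid:(?P<uid>\d+)/(?P<euid>\d+)"
OVERSTEP = re.compile(
    r"grsec: denied resource overstep by requesting (?P<req>\d+) "
    r"for (?P<res>RLIMIT_\w+) against limit (?P<lim>\d+) for " + SUBJECT)
SYSCALL = re.compile(r"grsec: denied use of (?P<call>\w+)\(\) by " + SUBJECT)

def parse(line):
    """Return a dict describing one grsec denial, or None for any other line."""
    m = OVERSTEP.search(line)
    if m:
        d = m.groupdict()
        d.update(kind="rlimit", req=int(d["req"]), lim=int(d["lim"]))
        if d["res"] == "RLIMIT_NICE":
            # getrlimit(2): nice ceiling = 20 - rlim_cur (assumed to apply to 'req')
            d["nice_requested"] = 20 - d["req"]
        return d
    m = SYSCALL.search(line)
    if m:
        return dict(m.groupdict(), kind="syscall")
    return None

def least_nice_per_exe(log):
    """Lowest nice value each binary asked for, i.e. the most a
    limits.conf 'nice' entry would have to allow for that binary."""
    need = defaultdict(lambda: 19)
    for line in log.splitlines():
        d = parse(line)
        if d and "nice_requested" in d:
            need[d["exe"]] = min(need[d["exe"]], d["nice_requested"])
    return dict(need)

if __name__ == "__main__":
    for line in SAMPLE_LOG.splitlines():
        print(parse(line))
    print(least_nice_per_exe(SAMPLE_LOG))
```

    On the quoted line this gives a requested nice value of -8 for chromium, so a limits.conf `nice` entry does not have to go as low as -20 to stop that particular denial.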
     