No, it doesn't. Yes! However, if you're using grub as your bootloader you will have to execute Code: sudo grub-mkconfig -o /boot/grub/grub.cfg before rebooting in order to add the new kernel. (I don't know how it works with syslinux as I'm not familiar with it.) Note that you will probably want to install the paxd and gradm packages in order to enable PaX amd RBAC.
It does come with Tomoyo enabled. https://wiki.archlinux.org/index.php/TOMOYO_Linux#Installation_2 Tomoyo is easy to use, but you have to create your own profiles and it takes time to create and maintain them.
Ah, yes, I forgot about Tomoyo. On the other had, if you're using linux-grsec RBAC is probably the better alternative.
SELinux and Appramor are very "weak" when compared to grsecurity. See here: https://grsecurity.net/compare.php For all I know grsecurity works with these two. On Arch, Ubuntu, and Debian: yes, if you use the official repos. You can easily compile your own linux-grsec Kernel under these OS's, but don't forget to read a few tutorials because a few grsecurity features only work with servers (because they'll break Xorg).
Packages in Arch are the most vanilla they can be: no custom icons, or menus, or anything. KDE won't come with ugly alterations, or XFCE, etc. That's a plus because other distros like to customize things the way they think is good: on Arch you build your own system, not "developer john system"
For the life of me I don't see the terminal commands to get a browser on it. I may get a Chromebook and just plant it next to the computer to do this. I've never felt so stupid in my life as with this. Dooooh!
Hehehehe. Well, installing things on Arch is pretty easy. For example, to install Firefox: Code: sudo pacman -S firefox or Code: sudo pacman -S chromium Even if you don't like Firefox, you can now use it to learn how to get Chrome
I found the kernal compiling too difficult and gave up. Was not confident applying the Grsecurity 4.x kernal to a Ubuntu and Mint 3.x kernal. Ubuntu is switching to 4.x kernal in the next build, perhaps I try it then. I try to install Arch on a old computer with no PAE support. And it will not install, on boot of the installation usb there is error saying cpu not supported. Adding forcepae command does not work. Is there a way to force install Arch without PAE.
What tutorial did you follow? The tutorial I linked >HERE< is pretty easy. I think you're trying to boot a x64 Kernel into a x86 CPU.
Well, it's not difficult once you're a bit familiar with the pacman commands. And it makes life much easier if you create some aliases for the most important ones in ~/.bashrc like: Code: alias i="sudo pacman -S" alias u="sudo pacman -Syu" alias r="sudo pacman -Rns" After adding those aliases just execute "source .bashrc" and they will be immediately available. So in order to install firefox you simply would have to execute Code: i firefox Easy, isn't it? But if you really want a graphical package manager you can chose, e.g., Octopi from the AUR. I think it's the default package manager in Manjaro. Here are other alternatives. EDIT: Here are some more useful aliases for you as a special service Code: alias li='pacman -Qi' # Display information about a given package in the local database alias sl='pacman -Qs' # Search for package(s) in the local database alias ar="pacman -Qdt" #To list all packages no longer required as dependencies (orphans) alias cleancache="sudo pacman -Scc" # Clean cache - delete all not currently installed package files alias sc="systemctl" alias rsc="sudo systemctl" alias jcb="journalctl -b" #Show all messages from this boot alias failed="journalctl -b | grep -e failed -e Failed" alias jce="journalctl -e" #jump to the end of the journal alias jceu="journalctl -e -u" #jump to the end of the journal for that unit
Arch made a significant difference in the speed of Chromium but adding all the things I'm used to having by default wasn't my cup of tea but on the plus side I installed Mint LMDE and was able to install Grsec after wards. Do I need it? Maybe not but I'm trying it on for size. I don't believe there is much if any performance hit.
I also didn't notice any performance hit. Do I need grsec? Probably not, but it's better to be protected and not need the protection than to need the protection and not be protected, right?
Just as I suspected, the tutorial does not work. I went through step by step with these problems. 1. apt-get install patch bin86 kernel-package build-essential libncurses5-dev gcc-*-plugin-dev There is error of no gcc-*-plugin-dev found. I ignored it and continued. 2. make-kpkg --initrd --append-to-version "grsec1.0" kernel_image There is error of no -- command recognized. I change the -- to single -, and now it give error of grsec1.0 not a target. No compiling done! Like I said someone need to update this crappy 2012 tutorial to 2015.
You ought to do a bit of reading before saying something like this. This tutorial is not crappy, neither is it outdated. Just one thing has changed. I don't want to spell out the exact command, just read this: https://debian-handbook.info/browse/stable/sect.kernel-compilation.html
Why should I read all that when you, or the maker of that tutorial, can spell out the exact command which works? Takes you 10 seconds to type it out, takes me 30 minute to read that. After a hard day at work the last thing I wanna do is read wall of boring text to find a solution that might not work. Your response is typical of many Linux users, it take no skill to answer someone's problem by giving a textbook to read, the skill come from answering it with precise solution. I wait for someone helpful to make a new working tutorial.
I've actually had the most RTFM responses asking questions at BSD or Virtualbox forums... Many times not even pointing out the specific command and instead telling me to read the whole section. Anyhow, I'm not sure why you specifically need Grsecurity in Ubuntu e al. Is AppArmor, FireJail, trusted repos, etc. not enough?
Why should I, or anybody else, help someone who is not willing to help himself/herself? I gave you enough hint, if you just cared to read the last two lines of my reply you would have got it. Sorry, I can't help someone with this attitude. You name a tutorial crappy without understanding even an iota of it, you brand someone a "typical linux user" who took the time to write a reply pointing you towards the right direction. Anyway, I don't think you will be any more secure with Grsecurity et al. You don't want to understand, just click and forget. That's not how security, or anything else in the world, works. Others might help in a way that you think is helpful.
Apples and oranges. The link I gave is not to a "RTFM" manual. It is a very readable, easy to understand handbook, also available in ebook format for those who like to read that way. Only one page to read, takes ten minutes, clearly says what used to be the case some times ago and what is now the case. If you still don't get it, you won't get it.
@UnknownK Should we label him as "typical Windows user who wants his meat chewed on a plate"? @J_L Yeah, BSD forums and IRC can be a harsh place sometimes. But then again, they expect us to learn things and don't be a help-vampire, because that's the way they learned how to do things I too get upset when someone asks me simple things like "how do I update Ubuntu". I say "You know, DuckDuckGo is right there waiting for you to ask the same thing".
That is fine, I do not need help from someone with your attitude. A tutorial is supposed to work, if it does not work it is by definition crappy in my books. I do not need someone to point me in the right direction, I need someone to give me the solution. Without having to read a wall of technical mumbo jumbo text. I have no interest in filling my precious brain space with learning programming, I just want something that works. If there is a guaranteed working solution hidden in the wall of text, I can read it. That is how I manage to read working tutorials and get things done. But my inner voice is telling me I will spend 30 minutes reading his link, only to raise more questions about how to do something that ultimately does not work. If it works he would have spelt out the solution than throw the textbook at me. This happens too many times in my Linux problems and I am frankly growing tired of it. I am sure I speak for the majority of new Linux users, they quit silently instead of complaining like I do here. I need Grsecurity to stop keyloggers and screen grabbers. Apparmor is not enough, it relies on profiles for specific programs, I need protection for Linux basic processes itself not only programs. Firejail only protects Firefox. Trusted repos do not stop dns redirection to malware done at ISP level. And it should not be necessary to understand how security works to have it work. Windows has many security software, no need to understand how they work, and they work. Linux needs the same approach. There are 2 ways advanced Linux users help others. You can tell someone to read a textbook or search online, making them do hard work to learn what you know, giving you an ego boost. Or you can cut the crap and say what the solution is. You know which way is better.
And you think many people would be willing to help someone with YOUR attitude? We're not your paid support. That's because you made no effort to learn what the errors are. You just assumed the tutorial was "crap" because it didn't work for YOU. That's not how things work. I can see here that the two errors you posted are easily avoidable. The first one you can pretty much ignore, because if you knew something about pacakges you'd know that a * means "everything related to this package". You could search for each one of these packages, but you didn't. I don't know how you got the second error. I tried this "crappy 2012 tutorial" not long ago and it worked for me. Maybe it's a problem at your end? Again, we're not your paid support. You don't want directions, we don't want to give you the correct command (if it even exists) because of your attitude. Life is pretty simple sometimes. Learning works, it worked for me and for everyone in this thread except you You must be REALLY young, because young people these days don't move their arses for nothing, they want everything on a plate. Once more: we're not your paid support. We might not have the same machine or same distro or same setup as you, and we certainly will NOT do much effort just to satisfy your ego. You could have read the damn tutorials and more and even learned how to install Arch Linux, but nooo, you're still here arguing about why nobody served you the way you wanted. I'm sure that's how things are done at the Winners' table Because they're used to getting everything done for them. That's not the correct way to manage your life. What kinds of nasty things are you doing with your system? Perhaps Linux isn't for you. There's absolutely no need to be as afraid as you are, unless you're like someone else I know and installs things from unknown sources and whatnot. Which is just what you need for most situations. Firejailing your most vulnerable apps. GRSec probably won't stop that either, because it's done at IPS level and therefore only occurs at your browser. In any case, you should do two things: * Sue this ISP; * Don't run anything they throw at you. You use Linux, your chances of being infected are close to zero. No, because if we just give you a command to compile the Kernel (and we did) you won't learn anything, and then if problems arise you'll come here asking for help instead of figuring out yourself. I don't mind helping people, as long as they deserve it
This is ridiculous. If you're using a Personal Firewall, a HIPS or even Emet in Windows you do need to understand how they work. Otherwise you will probably break your system or, at least, many applications.