[Nix-dev] grsecurity
peter.romfeld.hk at gmail.com
Fri Jan 2 09:45:04 CET 2015
Hi,
I followed this tutorial:
https://nixos.org/wiki/Hardened_NixOS
but got missing `linuxPackages_3_2_grsecurity`, so I searched through the
GitHub packages and tried a few other names, but then I got `dependency
could not be downloaded`.
Then I went through the options and found security.grsecurity, but then I
get kernel does not support grsec :(
I really would like to get that working, please help.
Some of my configuration.nix:
boot.kernelPackages = pkgs.linuxPackages_3_2;
nixpkgs.config = {
  allowUnfree = true;
  #grsecurity = true;
  #packageOverrides = pkgs: {
  #  linuxPackages = pkgs.linuxPackages_3_2_grsecurity;
  #  # I tried a few here, it's either not found or dependency error
  #  # because it can't download dep
  #  stdenv = pkgs.stdenv // {
  #    platform = pkgs.stdenv.platform // {
  #      kernelExtraConfig = ''
  #        XEN n
  #        HIBERNATION n
  #        DEVKMEM? n
  #        GRKERNSEC y
  #        GRKERNSEC_CONFIG_AUTO y
  #        GRKERNSEC_CONFIG_DESKTOP y
  #        GRKERNSEC_CONFIG_VIRT_HOST y
  #        GRKERNSEC_CONFIG_VIRT_EPT y
  #        GRKERNSEC_CONFIG_VIRT_KVM y
  #        GRKERNSEC_CONFIG_PRIORITY_SECURITY y
  #        GRKERNSEC_PROC_USER y
  #        GRKERNSEC_PROC_GID 0
  #        GRKERNSEC_CHROOT_CHMOD n
  #      '';
  #    };
  #  };
  #};
};
#security.grsecurity = {
#  enable = true;
#  stable = true;
#  config = {
#    system = "desktop";
#    virtualisationConfig = "host";
#    hardwareVirtualisation = true;
#    virtualisationSoftware = "kvm";
#  };
#}; # kernel does not support grsec
boot.kernel.sysctl = {
  "kernel.grsecurity.grsec_lock" = 1;
  "net.ipv4.icmp_echo_ignore_broadcasts" = 1;
  "net.ipv4.icmp_ignore_bogus_error_responses" = 1;
  "net.ipv4.tcp_syncookies" = 1;
.....
Cheers,
Peter