grsecurity in openSUSE?

I did not find a proper forum to ask the question, so I ask it here. Is PaX implemented in openSUSE? Its features are listed here: Address space modification protection

Mm, not really sure what you mean; reading the install instructions, you’re doing that when you build the kernel. I could well be barking up the wrong tree, but looking at the generic kernel-config, at grsecurity the only mention is in the Grsecurity section, which I doubt is enabled.

I would have thought the easiest way would be `zcat /proc/config.gz | grep "Word I want"`

I am not sure whether anything is available officially or from the community. grsecurity requires that you patch the kernel with grsecurity patches. Since you are interested in setting up a server environment, you can try patching a vanilla kernel with grsecurity patches.

Most people use AppArmor (maybe because it already comes packaged) even though it doesn’t have all the features of grsecurity.

Thank you for the answers. Now I see there’s no grsecurity in openSUSE. I thought that I did not notice it maybe. And it’s a pity. Of course, one may apply a patch to the kernel but it would be much better if we had a separate server kernel with all the patches already applied. It is really strange there is one kernel both for desktop and for server in openSUSE.

grsecurity has various features, most interesting of those are already implemented in the mainline kernel.

  • address space randomization - is in the kernel
  • NX protection - is in the kernel
    … probably stuff I forgot…

So not really “desperately missing”.

see:
Security Features - openSUSE

> It is really strange there is one kernel both for desktop and for server in
> openSUSE.

i guess it is because each of us can take the default kernel and
change it as WE need it…

perhaps most of us here do not need grsecurity, and can be quite
happy, and secure with AppArmor, etc?

therefore i ask you: should all of us be required to carry an unneeded
grsecurity OR remove it, so that you (and small minority) don’t have
to add it?

further, i guess if you opt for SUSE Linux Enterprise Server (SLES) it
might have a kernel which is not identical to SUSE Linux Enterprise
Desktop (SLED)…openSUSE being the proving ground for both of those
commercial offerings (by Novell) you should not be surprised that here
we can get by with a generic kernel which fits most folks–and folks
like you with other needs are free to compile in what you need…

if you wish, during the initial install of openSUSE you may opt for a
server only platform install, i’ve not done it so i don’t know if the
kernel itself is different, or simply the modules loaded into it…


Conficter

I have found only CC_STACKPROTECTOR, CC_STACKPROTECTOR_ALL, COMPAT_BRK, SECURITY_DEFAULT_MMAP_MIN_ADDR. Could you please name the other options?

Thank you.

Of course, not! That is why I think it would be good to have a separate server kernel.

> further, i guess if you opt for SUSE Linux Enterprise Server (SLES) it might have a kernel which is not identical to SUSE Linux Enterprise Desktop (SLED)…openSUSE being the proving ground for both of those commercial offerings (by Novell) you should not be surprised that here we can get by with a generic kernel which fits most folks–and folks like you with other needs are free to compile in what you need…

At home I prefer to have it free of charge. :)

> if you wish, during the initial install of openSUSE you may opt for a server only platform install, i’ve not done it so i don’t know if the kernel itself is different, or simply the modules loaded into it.

The kernel is not different. But I have found I am not the only person who wants a different kernel. [#305694: Separate Desktop / Server Kernels](https://features.opensuse.org/305694)
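
The `zcat /proc/config.gz | grep` check suggested earlier in the thread, as an added example that is not part of any post: a plain grep also matches `# CONFIG_X is not set` lines, so this script separates set, disabled and absent options. The function names and the sample config are constructed for illustration; `GRKERNSEC` and `PAX` are the top-level options of a grsecurity-patched tree.

```shell
#!/bin/sh
# Added example: report the state of kernel hardening options.
# On a live system, feed it with: zcat /proc/config.gz > /tmp/kconfig

# Read kernel config text on stdin and print the state of option $1:
#   "=<value>"  set (y, m, or a number)
#   "not set"   known to this kernel source, but disabled
#   "absent"    no such option in this kernel (e.g. patch not applied)
kconfig_state() {
    awk -v opt="CONFIG_$1" '
        index($0, opt "=") == 1      { print substr($0, length(opt) + 1); found = 1; exit }
        $0 == "# " opt " is not set" { print "not set"; found = 1; exit }
        END { if (!found) print "absent" }
    '
}

# Options named in the thread, plus GRKERNSEC and PAX, which exist only
# in a grsecurity-patched tree.
# Note: for COMPAT_BRK the hardened value is "not set" (=y turns heap
# randomization off for old binaries).
audit_kconfig() {
    for opt in CC_STACKPROTECTOR CC_STACKPROTECTOR_ALL COMPAT_BRK \
               SECURITY_DEFAULT_MMAP_MIN_ADDR GRKERNSEC PAX; do
        printf '%-32s %s\n' "$opt" "$(kconfig_state "$opt" < "$1")"
    done
}

# Constructed sample standing in for an unpatched distribution kernel.
sample_config() {
    cat <<'EOF'
CONFIG_CC_STACKPROTECTOR=y
# CONFIG_CC_STACKPROTECTOR_ALL is not set
# CONFIG_COMPAT_BRK is not set
CONFIG_SECURITY_DEFAULT_MMAP_MIN_ADDR=65536
EOF
}

tmp=$(mktemp)
sample_config > "$tmp"
audit_kconfig "$tmp"
rm -f "$tmp"
```

An "absent" result for `GRKERNSEC` and `PAX` means the kernel source was never patched, which is different from a patched kernel with the feature switched off.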

mike934 wrote:
> The kernel is not different. But I have found I am not the only person
> who wants a different kernel. ‘#305694: Separate Desktop / Server
> Kernels’ (https://features.opensuse.org/305694)

great…perhaps what you wish for will come true!!

until then you can always compile a perfect for your needs kernel…


Conficter