Documentation

CloudLinux kernel and Grsecurity

The CloudLinux 5.x kernel includes some of the most requested grsecurity features.
The CloudLinux 6.x kernel doesn't include grsecurity features yet, and there is no ETA for their inclusion at this moment.

TPE (Trusted Path Execution)

The kernel supports the grsecurity TPE feature out of the box. You can configure it using the following files:
  • /proc/sys/kernel/grsecurity/grsec_lock
  • /proc/sys/kernel/grsecurity/tpe
  • /proc/sys/kernel/grsecurity/tpe_gid
  • /proc/sys/kernel/grsecurity/tpe_restrict_all
To enable the TPE feature in the standard way, add the following to the end of your /etc/sysctl.conf:

#GRsecurity 
kernel.grsecurity.tpe = 1 
kernel.grsecurity.tpe_restrict_all = 1 
kernel.grsecurity.grsec_lock = 1  
Then apply the settings:

# sysctl -p
More info: http://grsecurity.org
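
To confirm the settings took effect, the script below is an added example, not part of the CloudLinux documentation. It reads the /proc files listed above and checks that grsec_lock is the last grsecurity entry in sysctl.conf, since setting grsec_lock to 1 freezes the grsecurity sysctls until the next reboot and later entries are no longer accepted. The function names, the optional path arguments and the --live switch are assumptions of this example.

```shell
#!/bin/sh
# Added example (not CloudLinux code). Function names, the optional path
# arguments and the --live switch are assumptions of this example.

# want KEY EXPECTED DIR: succeed if DIR/KEY holds EXPECTED
want() {
    val=$(cat "$3/$1" 2>/dev/null) || val="unreadable"
    if [ "$val" = "$2" ]; then
        echo "ok    $1 = $val"
    else
        echo "FAIL  $1 = $val (expected $2)"
        return 1
    fi
}

# audit_tpe [DIR]: 0 = TPE on and locked, 1 = mismatch, 2 = no grsecurity sysctls
audit_tpe() {
    dir=${1:-/proc/sys/kernel/grsecurity}
    [ -d "$dir" ] || { echo "no grsecurity sysctls under $dir"; return 2; }
    rc=0
    want tpe 1 "$dir" || rc=1
    want tpe_restrict_all 1 "$dir" || rc=1
    want grsec_lock 1 "$dir" || rc=1
    return "$rc"
}

# audit_conf [FILE]: 0 if "grsec_lock = 1" is the last kernel.grsecurity.* line
audit_conf() {
    conf=${1:-/etc/sysctl.conf}
    last=$(grep -E '^[[:space:]]*kernel\.grsecurity\.' "$conf" 2>/dev/null |
        tail -n 1 | tr -d '[:space:]')
    if [ "$last" = "kernel.grsecurity.grsec_lock=1" ]; then
        echo "ok    grsec_lock is the last grsecurity entry in $conf"
    else
        echo "FAIL  last grsecurity entry in $conf: ${last:-none}"
        return 1
    fi
}

# Check the running system only when asked to: sh tpe_audit.sh --live
if [ "${1:-}" = "--live" ]; then
    status=0
    audit_tpe || status=$?
    audit_conf || status=1
    exit "$status"
fi
```

An exit status of 2 from audit_tpe means the running kernel exposes no grsecurity sysctls at all, which is the expected result on a CloudLinux 6.x kernel.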