You are not logged in.

#1 2021-02-12 16:42:42

arch181
Member
Registered: 2021-01-26
Posts: 35

Is the linux-hardened kernel really more secure??

Few days ago I started using the linux-hardened kernel instead of the regular one (linux). So I'm just really curious is it more secure and better in terms of security, or it's the same as the regular one with just few configurations and changes that I  can manually do to the regular "linux" kernel package?
Note: I would really appreciate if someone could point and explain few diffrences and i'll do my best to understand them.

Last edited by arch181 (2021-02-12 16:44:40)

Offline

#2 2021-02-12 17:08:11

loqs
Member
Registered: 2014-03-06
Posts: 13,177

Re: Is the linux-hardened kernel really more secure??

https://github.com/anthraxx/linux-harde … -hardened1 contains the commits for the current linux hardened release,  all the commits until Linux 5.10.15 by grekgh are linux-hardened only.
If a commit is changing a default in the config e.g. https://github.com/anthraxx/linux-harde … 11c6ea3cb0 SECURITY_DMESG_RESTRICT is set for all arch kernels except linux-lts.
You could also change the setting at run time using sysctl.  Other config changes would need you to build a kernel with that change.
If a commit adds a new feature e.g. https://github.com/anthraxx/linux-harde … 2c81357b83 that is only available using linux-hardened.

Offline

#3 2021-02-12 17:45:38

arch181
Member
Registered: 2021-01-26
Posts: 35

Re: Is the linux-hardened kernel really more secure??

loqs wrote:

https://github.com/anthraxx/linux-harde … -hardened1 contains the commits for the current linux hardened release,  all the commits until Linux 5.10.15 by grekgh are linux-hardened only.
If a commit is changing a default in the config e.g. https://github.com/anthraxx/linux-harde … 11c6ea3cb0 SECURITY_DMESG_RESTRICT is set for all arch kernels except linux-lts.
You could also change the setting at run time using sysctl.  Other config changes would need you to build a kernel with that change.
If a commit adds a new feature e.g. https://github.com/anthraxx/linux-harde … 2c81357b83 that is only available using linux-hardened.

Thank you loqs

Offline

Board footer

Powered by FluxBB