Web Hosting Talk : Web Hosting Main Forums : Dedicated Server : Are you using a Patched Kernel ?

[chrismfz]

For everyone out there who have dedicated servers
with linux kernel, do you use a kernel patch like
GrSecurity for extra security and piece of mind
or not and why?

I am using mostly VPS with huge resources for hosting sites
because I didn't have the budget for Raid 5, Data Redundancy
and managed servers. But now I just leased my first Dedicated running Centos (for better compatibility with CPanel) and I am concerned about the kernel's security issues.

I am using Grsecurity on a labrat (home server) for testing
purposes but I dont know if it is the right option for a Production Live server.

Opinions?

Regards,
Chris

[layer0]

Will this be a shared hosting system?

[chrismfz]

This system will serve a big ammount of websites and
maybe a few (4-5) low traffic shoutcast streaming services.

Running already Cpanel (installed yesterday) and ConfigServer Firewall. Already modsecurity installed with some custom rules
and the ruleset from gotroot but I still being concerned if
there is the need for patching the kernel.


Regards,
Chris

[BudWay]

grsec is a good patch but nothing is perfect the last linux wide exploit (JS detailhed in cpanel website) was exploitable to a certain level with grsec kernls.

I think using a patch in the kernel gives a sense of "un"security were you will miss updates and that may our may not cause the same downtime for each update/reboot.


I prefere RHE our centos kernel they are pretty secure and update is fairly quick/easy.

[Dougy]

My techs lock down and patch up kernels on every server I have.