Tutorial/HOW-TO: Kernel 2.6 Compilation with Grsecurity (grsec) – 2.6.5, 2.6.7, 2.6.8, 2.8.1, 2.6.9, 2.6.10, 2.6.11.6
Tutorial/HOW-TO: Kernel 2.6 Compilation with Grsecurity (grsec) – 2.6.5, 2.6.7, 2.6.8, 2.8.1, 2.6.9, 2.6.10, 2.6.11.6
The following tutorial provide a basic tutorial on installing grsecurity on a linux 2.6 kernel, it is up to date as of kernel 2.6.10.
Download the kernel source (obtain the latest kernel from kernel.org):
cd /usr/src/
wget http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.10.tar.bz2
bzip2 -d linux-2.6.10.tar.bz2
tar xf linux-2.6.10.tar
Download the grsec patch (download the latest patch from grsecurity.org/download.php):
cd /usr/src/
wget http://grsecurity.org/grsecurity-2.1.0-2.6.10-200501081640.patch
Patch the kernel with the grsecurity patch:
patch -p0 < grsecurity-2.1.0-2.6.10-200501081640.patch
Before doing your configuration you may want to check which hardware you are using:
lspci
For a specific hardware component:
lspci -s 00:00.0 -vv
lspci -s 00:1f.0 -vv
Start cofiguring/compile the kernel:
cd /usr/src/linux-2.6.10
make clean
make mrproper
If you are using an old .config file, then copy it to /usr/scr/linux-2.6.10 and do the following:
make oldconfig
If this is a new configuration or you are unsure what to do, then do the following:
make menuconfig
Once you have configured all your kernel options, be sure to continue on to the grsec menu and chose the security level you wish to use, as well as any specific security options. If are running a server you may want to disable the following options from the kernel:
- Telephony Support
- Fusion MPT device support
- IEEE 1394 (FireWire) support (EXPERIMENTAL)
- Amateur Radio support
- IrDA (infrared) support
- ISDN subsystem — only if you are not using ISDN
- Multimedia devices
- Sound
- USB support
- Old CD-ROM drivers (not SCSI, not IDE) — only if uneeded
- Bluetooth support
- Library routines
Exit and save the configuration, and proceed to build the kernel and modules:
make
Now you need to install the modules in /lib/modules/KERNELVERSION by doing the following:
make modules_install
Lastly you need to install the kernel:
make install
After you have installed the kernel you need to ensure you bootloader is configured correctly for the new kernel, and then reboot the machine.
There are plenty more options when installing the kernel, but with the make install command it does these all for you in one go.
Similar Articles : How to install ffmpeg on CentOS or Redhat Enteprirse Linux the easy way (Using RPMs/Yum) , Installing Pico on FreeBSD, Turck MMCache for PHP, Apache 2 Install and Upgrade Guide, lingerd – Setup and Installation, Howto mod_rewrite with Apache, Getting started with SSH Tutorial, How to install PRM (Process Resource Monitor), How to install ionCube loader, Apache Log Files Explained, Server Loads Explained, Guide to .htaccess tutorial and tips, Optimize and Tweak High-Traffic Servers, Common SSH Commands – Linux Shell Commands, Upgrade Guide From Red Hat 7.3 to 9.0,Changing Web Hosts? Step-By-Step Guide, Customizing PHP Safe Mode, Apache 2 PHP 4 and 5 (mod_php) on Linux – Apache2 PHP4 PHP5 Installation, Fantastico Error: enc_restrictions.inc.php is protected by SourceGuardian and requires file ixed.lin.4.X.X.pxp, 4.3.7.pxp, 4.3.8.pxp, 4.3.9.pxp error, How to Copy Files Across a Network/Internet in UNIX/LINUX (Redhat, Debian, FreeBSD, etc) – scp tar rsync, Fixing rndc error in WHM/cPanel: rnd: connection failed: connection refused, wget – how to use tuturial, cPanel Awstats Fix – Stoped Logging on single domain, How to Install Zend Optimizer/Encoder on cPanel/WHM, Upgrading CentOS 3.3 to 3.4 using yum, Redhat 7.3, 8.0, and 9.0 upgrade to CentOS 3 using yum (Red hat), Tutorial/HOW-TO: Kernel 2.6 Compilation with Grsecurity (grsec) – 2.6.5, 2.6.7, 2.6.8, 2.8.1, 2.6.9, 2.6.10, 2.6.11.6 , Repairing a mySQL Database/Table – How to restore/repair/recover, Flood Protection/DoS/DDoS Apache 1.3 and 2.0 – mod_dosevasive (Avoiding Denial of Service Attacks)