Thread: Compile 2.6.5 + GrSecurity
04-20-2004, 03:08 AM #1
Compile 2.6.5 + GrSecurity
Tested on Rh7.3, 9, fedora
Today I will be discussing how to compile a 2.6.5 kernel with the GrSecurity patch. Before we go any further, anything bad that happens is your fault, not mine. Now that we've got that over and done with, let's talk about GrSecurity and what it is. GrSecurity is a patch applied to your kernel that acts as a multi-layered detection, prevention, and containment model. A complete list of its features can be located at
Let's get started (as root):
1.) Change to a directory to work in; for today we are going to choose /usr/src:
cd /usr/src
( Please note: if you do not have "patch", you can use up2date on an up2date-enabled server to install it: up2date -f patch )
patch -p0 < grsecurity-2.0-2.6.5.patch
make clean
make mrproper
5.) Grab that old kernel config and make a new config from it
cp /boot/config-`uname -r` .config
make oldconfig
http://www.webhostingtalk.com/showth...hreadid=232664
6.) Time to build the kernel up.
( Please note: "make dep" is no longer required in 2.6.x kernels. )
make bzImage
(wait for this to complete and ensure no errors)
make modules
(wait for this to complete and ensure no errors)
make modules_install
(wait for this to complete and ensure no errors)
cp .config /boot/config-2.6.5-grsec
cp arch/i386/boot/bzImage /boot/vmlinuz-2.6.5-grsec
cp System.map /boot/System.map-2.6.5-grsec
mkinitrd /boot/initrd-2.6.5-grsec.img 2.6.5-grsec
WHICH BOOTLOADER DO I HAVE?!! OH NO!
There are a few ways to figure this out.
Solution 1:
/sbin/grubby --bootloader-probe
dd if=/dev/hda bs=512 count=1 2>&1 | grep GRUB
dd if=/dev/hda bs=512 count=1 2>&1 | grep LILO
One of them will kick back something like:
root@w00t [~]# dd if=/dev/hda bs=512 count=1 2>&1 | grep GRUB
Binary file (standard input) matches
root@w00t [~]#
Now that we have figured out the bootloader, let's add the kernel to the bootloader:
LILO
Add the following to lilo.conf (make sure you follow the format of your own bootloader settings):
image=/boot/vmlinuz-2.6.5-grsec
label=2.6.5-grsec
initrd=/boot/initrd-2.6.5-grsec.img
read-only
append="root=LABEL=/"
Before you set it to boot as default, let's make it boot the next time only. Save your config and do the following:
/sbin/lilo -v -v
/sbin/lilo -R 2.6.5-grsec
GRUB
Add the following to grub.conf (make sure you follow the format of your own bootloader settings):
title Red Hat Linux (2.6.5-grsec)
root (hd0,0)
kernel (hd0,0)/vmlinuz-2.6.5-grsec root=/dev/hda3
initrd (hd0,0)/initrd-2.6.5-grsec.img
Info on GRUB's failsafe is located here:
http://www.webhostingtalk.com/showth...hreadid=235241
Reboot the box and hope for the best; be sure to check dmesg for anything weird.
This post was inspired by choon's post on 2.4.x kernels.
Thank you,
Steve
Last edited by choon; 05-27-2004 at 11:12 AM.
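The dd | grep bootloader check from the post, as an added example that is not part of the original post: it reads the first sector once, confirms the 55 AA boot signature, and reports the result as a single word instead of relying on grep's "Binary file ... matches" line. The function names probe_bootloader and make_sample_sector and the sample sectors are assumptions made up for this illustration.

```shell
#!/bin/sh
# Added example: identify the boot loader from the first sector of a disk.
# The sample sectors built by make_sample_sector are constructed test data.

# probe_bootloader SOURCE -> prints GRUB, LILO, BOTH, UNKNOWN or INVALID.
# SOURCE is a disk such as /dev/hda (read as root) or a saved sector dump.
probe_bootloader() {
    src=$1
    sector=$(mktemp) || return 2
    # Copy only the first 512 bytes; SOURCE is opened for reading only.
    if ! dd if="$src" of="$sector" bs=512 count=1 2>/dev/null; then
        rm -f "$sector"; echo INVALID; return 2
    fi
    # A PC boot sector ends with the bytes 55 AA at offsets 510-511.
    sig=$(dd if="$sector" bs=1 skip=510 count=2 2>/dev/null |
          od -An -tx1 | tr -d ' \n')
    if [ "$sig" != "55aa" ]; then
        rm -f "$sector"; echo INVALID; return 2
    fi
    grub=no; lilo=no
    # grep -q answers through its exit status, so binary input is fine.
    LC_ALL=C grep -q GRUB "$sector" && grub=yes
    LC_ALL=C grep -q LILO "$sector" && lilo=yes
    rm -f "$sector"
    case "$grub$lilo" in
        yesno)  echo GRUB ;;
        noyes)  echo LILO ;;
        yesyes) echo BOTH ;;
        *)      echo UNKNOWN ;;
    esac
}

# make_sample_sector FILE MARKER: write a constructed 512-byte sector that
# holds MARKER at an arbitrary offset plus the 55 AA signature (test data).
make_sample_sector() {
    dd if=/dev/zero of="$1" bs=512 count=1 2>/dev/null
    printf '%s' "$2" | dd of="$1" bs=1 seek=6 conv=notrunc 2>/dev/null
    printf '\125\252' | dd of="$1" bs=1 seek=510 conv=notrunc 2>/dev/null
}

# Stand-alone use: sh probe.sh /dev/hda
if [ "$#" -gt 0 ]; then
    probe_bootloader "$1"
fi
```

UNKNOWN means the sector is a valid boot sector with neither marker, and INVALID means the source could not be read or lacks the 55 AA signature; in either case check the bootloader configuration by hand before rebooting.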