Results 1 to 25 of 25
  1. #1
    Join Date
    Oct 2003
    Location
    Georgetown, Ontario
    Posts
    1,761

    Kernel Upgrades With Grub?

    Im thinking of taking a shot at upgrading the kernel of one of my machines here at home. It uses GRUB.


    Every tutorial I see on the internet is using Lilo. Should I switch my bootloader to Lilo?


    Does anyone know of where I can get a guide to upgrading the kernel with GRUB? Possibly even with grsecurity?
    ии Repeat after me... ProSupport is the best... Prosupport is... ии
    ProSupport Host Support System - OUT NOW! Grab a copy yourself and see what the hype is about!
    VertiHost Inc. - We run a quality business. Do you?

  2. #2
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,294
    Steven Ciaburri | Industry's Best Server Management - Rack911.com
    Software Auditing - 400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com
    Fully Managed Dedicated Servers (Las Vegas, New York City, & Amsterdam) (AS62710)
    FreeBSD & Linux Server Management, Security Auditing, Server Optimization, PCI Compliance

  3. #3
    Join Date
    Oct 2003
    Location
    Georgetown, Ontario
    Posts
    1,761
    I saw that. However, it shows how to use it with Lilo.

    My system is running grub. I can follow all the steps up until the last one where it says to modify the bootloaded to load the new kernel and such.

    What needs to be changed for it to work with grub?
    ии Repeat after me... ProSupport is the best... Prosupport is... ии
    ProSupport Host Support System - OUT NOW! Grab a copy yourself and see what the hype is about!
    VertiHost Inc. - We run a quality business. Do you?

  4. #4
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,294
    with grub you just add the entry like it shows in the tutorial and reboot
    Steven Ciaburri | Industry's Best Server Management - Rack911.com
    Software Auditing - 400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com
    Fully Managed Dedicated Servers (Las Vegas, New York City, & Amsterdam) (AS62710)
    FreeBSD & Linux Server Management, Security Auditing, Server Optimization, PCI Compliance

  5. #5
    Greetings:

    Grub can be better than Lilo because it offers an automated fall back feature should a kernel be giving you a problem.

    If you are installing kernels through up2date or yum, /etc/grub.conf should automatically be updated; though you may have to edit the file to change the "default=" number.

    If you are using progeny, then just edit /etc/grub.conf following what is already in place as a pattern, and watch the default #.

    Thank you.
    ---
    Peter M. Abraham
    LinkedIn Profile

  6. #6
    Join Date
    Oct 2003
    Location
    Georgetown, Ontario
    Posts
    1,761
    Ok, i successfully followed the tutorial.

    Now I added the new 2.4.25-grsec entry to be first inline in grub.conf and changed default=0 to default=1.


    Should I now reboot the machine and check if it boots up?

    If it boots up without any errors should I then change default=1 back to default=0?
    ии Repeat after me... ProSupport is the best... Prosupport is... ии
    ProSupport Host Support System - OUT NOW! Grab a copy yourself and see what the hype is about!
    VertiHost Inc. - We run a quality business. Do you?

  7. #7
    Greetings:

    See http://www.linode.com/support/doc/HO.../grubconf.html

    I would just add a fall back to your other kernel.

    Then boot up.

    Depending on the hardware et all, boot up should be completed within 1 to 5 minutes of issuing a

    shutdown -r now

    command.

    Thank you.
    ---
    Peter M. Abraham
    LinkedIn Profile

  8. #8
    Join Date
    Oct 2003
    Location
    Georgetown, Ontario
    Posts
    1,761
    I have set the default to 0 and fallback to 1.

    However, after reboot it still comes back as the fallback kernel I specified.

    Where can I check what is causing this?
    ии Repeat after me... ProSupport is the best... Prosupport is... ии
    ProSupport Host Support System - OUT NOW! Grab a copy yourself and see what the hype is about!
    VertiHost Inc. - We run a quality business. Do you?

  9. #9
    Greetings:

    Just to play safe, is your very 1st entry the new kernel so that it would match default of 0?

    /var/log/boot.log and /var/log/messages is where to look at the boot up process.

    Thank you.
    ---
    Peter M. Abraham
    LinkedIn Profile

  10. #10
    Join Date
    Oct 2003
    Location
    Georgetown, Ontario
    Posts
    1,761
    I checked that and I cant really tell whats wrong.

    Dynamicnet, could I talk to you on MSN or AIM if you are not busy? I would really appreciate the help.
    ии Repeat after me... ProSupport is the best... Prosupport is... ии
    ProSupport Host Support System - OUT NOW! Grab a copy yourself and see what the hype is about!
    VertiHost Inc. - We run a quality business. Do you?

  11. #11
    Hi


    It seems that Lilo is still activated as MBR boot loader, Try to make modifications in the lilo.conf ( activating the new kernel ) then enter lilo to activated it finally. Well if you really want to use Grub then you need to overwrite the lilo from MBR , Try to give /sbin/grub-install -parameters this will install grub on the MBR and activate your new kernel from the conf file. Please note the parameters should be device where the /boot partition is installed , For ex. /dev/hda

    Hope this helps you.
    Arnold Mathews
    Senior Linux Engineer
    SupportSupply.com Outsourcing
    http://www.SupportSupply.com

  12. #12
    Join Date
    Oct 2003
    Location
    Georgetown, Ontario
    Posts
    1,761
    Ok, Ive gotten this far.


    Code:
    title Red Hat Linux (2.4.25-grsec)
            root (hd0,0)
            kernel /vmlinuz-2.4.25-grsec ro root=/dev/hda2
            initrd /initrd-2.4.25-grsec.img
    Now I have root=/dev/hda2. This is what fdisk -l spits out.



    Code:
       Device Boot    Start       End    Blocks   Id  System
    /dev/hda1   *         1        66    530113+  83  Linux
    /dev/hda2            67       328   2104515   82  Linux swap
    /dev/hda3           329      9729  75513532+  83  Linux

    What should I set root= to in the grub.conf file for the new kernel?
    ии Repeat after me... ProSupport is the best... Prosupport is... ии
    ProSupport Host Support System - OUT NOW! Grab a copy yourself and see what the hype is about!
    VertiHost Inc. - We run a quality business. Do you?

  13. #13
    Join Date
    Jul 2001
    Location
    Singapore
    Posts
    1,790
    Cut and paste the output of your grub.conf:
    Code:
    cat /etc/grub.conf
    Then we will suggest you what to do
    Giam Teck Choon
    :: Join choon.net Community today to share your tips and tricks on server issues please ::
    :: Singapore Dedicated Servers :: Singapore Virtual Private Servers :: Linux/FreeBSD Server Management ::

  14. #14
    Join Date
    Oct 2003
    Location
    Georgetown, Ontario
    Posts
    1,761
    Code:
    # grub.conf generated by anaconda
    #
    # Note that you do not have to rerun grub after making changes to this file
    # NOTICE:  You have a /boot partition.  This means that
    #          all kernel and initrd paths are relative to /boot/, eg.
    #          root (hd0,0)
    #          kernel /vmlinuz-version ro root=/dev/sda2
    #          initrd /initrd-version.img
    #boot=/dev/sda
    default=0
    fallback 1
    timeout=5
    splashimage=(hd0,0)/grub/splash.xpm.gz
    title Red Hat Linux (2.4.25-grsec)
            root (hd0,0)
            kernel /vmlinuz-2.4.25-grsec ro root=/dev/hda2
            initrd /initrd-2.4.25-grsec.img
    title Red Hat Linux (2.4.20-28.9)
            root (hd0,0)
            kernel /vmlinuz-2.4.20-28.9 ro root=LABEL=/
            initrd /initrd-2.4.20-28.9.img
    title Red Hat Linux (2.4.20-27.9)
            root (hd0,0)
            kernel /vmlinuz-2.4.20-27.9 ro root=LABEL=/
            initrd /initrd-2.4.20-27.9.img
    title Red Hat Linux (2.4.20-24.9)
            root (hd0,0)
            kernel /vmlinuz-2.4.20-24.9 ro root=LABEL=/
            initrd /initrd-2.4.20-24.9.img
    title Red Hat Linux (2.4.20-20.9)
            root (hd0,0)
            kernel /vmlinuz-2.4.20-20.9 ro root=LABEL=/
            initrd /initrd-2.4.20-20.9.img
    title Red Hat Linux (2.4.20-18.9)
            root (hd0,0)
            kernel /vmlinuz-2.4.20-18.9 ro root=LABEL=/
            initrd /initrd-2.4.20-18.9.img
    title Red Hat Linux (2.4.20-8)
            root (hd0,0)
            kernel /vmlinuz-2.4.20-8 ro root=LABEL=/
            initrd /initrd-2.4.20-8.img
    ии Repeat after me... ProSupport is the best... Prosupport is... ии
    ProSupport Host Support System - OUT NOW! Grab a copy yourself and see what the hype is about!
    VertiHost Inc. - We run a quality business. Do you?

  15. #15
    Join Date
    Jul 2001
    Location
    Singapore
    Posts
    1,790
    Change it to below:
    Code:
    # grub.conf generated by anaconda
    #
    # Note that you do not have to rerun grub after making changes to this file
    # NOTICE:  You have a /boot partition.  This means that
    #          all kernel and initrd paths are relative to /boot/, eg.
    #          root (hd0,0)
    #          kernel /vmlinuz-version ro root=/dev/sda2
    #          initrd /initrd-version.img
    #boot=/dev/sda
    default=1
    fallback=2
    timeout=5
    splashimage=(hd0,0)/grub/splash.xpm.gz
    title Red Hat Linux (2.4.25-grsec)
            root (hd0,0)
            kernel /vmlinuz-2.4.25-grsec ro root=LABEL=/
            initrd /initrd-2.4.25-grsec.img
    title Red Hat Linux (2.4.20-28.9)
            root (hd0,0)
            kernel /vmlinuz-2.4.20-28.9 ro root=LABEL=/
            initrd /initrd-2.4.20-28.9.img
    title Red Hat Linux (2.4.20-27.9)
            root (hd0,0)
            kernel /vmlinuz-2.4.20-27.9 ro root=LABEL=/
            initrd /initrd-2.4.20-27.9.img
    title Red Hat Linux (2.4.20-24.9)
            root (hd0,0)
            kernel /vmlinuz-2.4.20-24.9 ro root=LABEL=/
            initrd /initrd-2.4.20-24.9.img
    title Red Hat Linux (2.4.20-20.9)
            root (hd0,0)
            kernel /vmlinuz-2.4.20-20.9 ro root=LABEL=/
            initrd /initrd-2.4.20-20.9.img
    title Red Hat Linux (2.4.20-18.9)
            root (hd0,0)
            kernel /vmlinuz-2.4.20-18.9 ro root=LABEL=/
            initrd /initrd-2.4.20-18.9.img
    title Red Hat Linux (2.4.20-8)
            root (hd0,0)
            kernel /vmlinuz-2.4.20-8 ro root=LABEL=/
            initrd /initrd-2.4.20-8.img
    Then issue this command in order:
    Code:
    grub shell
    Then wait:
    Code:
    grub> savedefault --default=0 --once
    grub> quit
    Then reboot:
    Code:
    reboot
    Giam Teck Choon
    :: Join choon.net Community today to share your tips and tricks on server issues please ::
    :: Singapore Dedicated Servers :: Singapore Virtual Private Servers :: Linux/FreeBSD Server Management ::

  16. #16
    Join Date
    Jul 2001
    Location
    Singapore
    Posts
    1,790
    If it is booted to the default kernel and not grsecurity kernel... chances are you didn't patch the kernel source with libdata1 patch if you are using SATA
    Just my guess
    Giam Teck Choon
    :: Join choon.net Community today to share your tips and tricks on server issues please ::
    :: Singapore Dedicated Servers :: Singapore Virtual Private Servers :: Linux/FreeBSD Server Management ::

  17. #17
    Join Date
    Oct 2003
    Location
    Georgetown, Ontario
    Posts
    1,761
    Just did that and it didnt come back up. Had to call datacenter to revert back to old kernel and reboot it.

    Choon, could I talk to you on MSN or AIM if you have the time?
    ии Repeat after me... ProSupport is the best... Prosupport is... ии
    ProSupport Host Support System - OUT NOW! Grab a copy yourself and see what the hype is about!
    VertiHost Inc. - We run a quality business. Do you?

  18. #18
    Join Date
    Jul 2001
    Location
    Singapore
    Posts
    1,790
    Sure, no problem
    Giam Teck Choon
    :: Join choon.net Community today to share your tips and tricks on server issues please ::
    :: Singapore Dedicated Servers :: Singapore Virtual Private Servers :: Linux/FreeBSD Server Management ::

  19. #19
    Join Date
    Dec 2003
    Location
    UK
    Posts
    652
    When you guys have completed this, any chance of posting a summary ?

    I'm just about to build a local test box and go through the same process before hitting my live box, so I'd love to see the outcome of this.

  20. #20
    Join Date
    Oct 2003
    Location
    Georgetown, Ontario
    Posts
    1,761
    Ive tried this a few times now, but it keeps coming back saying that it cant find IPtables and eth0.

    Ive selected yes to everything that has to do with networking and internet connection when configuring the kernel, so I have no clue whats up with that.....
    ии Repeat after me... ProSupport is the best... Prosupport is... ии
    ProSupport Host Support System - OUT NOW! Grab a copy yourself and see what the hype is about!
    VertiHost Inc. - We run a quality business. Do you?

  21. #21
    Join Date
    Jul 2001
    Location
    Singapore
    Posts
    1,790
    Hey cMark, maybe you can update this thread about the outcome since monaghan is interested to know

  22. #22
    Join Date
    Oct 2003
    Location
    Georgetown, Ontario
    Posts
    1,761
    Sure.

    Actually, it's all pretty easy once you figure out a few things about configuring the kernel and compiling it.

    For example, I had no clue that make oldconfig kept your old configuration options and only let you modify the new options available in the kernel.

    And make SURE your compilers are not chmoded 000....



    After that, it's smooth sailing. Ive compiled the 2.4.25 kernel will grsecurity a few times now, and it has worked like a charm each time.
    ии Repeat after me... ProSupport is the best... Prosupport is... ии
    ProSupport Host Support System - OUT NOW! Grab a copy yourself and see what the hype is about!
    VertiHost Inc. - We run a quality business. Do you?

  23. #23
    Greetings Mark:

    Thank you for sharing.

    If you don't allow SSH, 700 tends to be better (from our experience) than 000 ;-)

    Thank you.
    ---
    Peter M. Abraham
    LinkedIn Profile

  24. #24
    Join Date
    Jul 2002
    Posts
    3,729
    Even if you do allow ssh, 700 is just fine. If they already have root to execute with 700, then they could just change the permissions from 000 if they wanted to. 000 is pointless.

  25. #25
    Greetings Andrew:

    Thank you for the correction.

    I wish I could say it was because my head was hurting from too many brick walls from a WHT poster asking why running Apache as root was a problem... but this mis-assumption on my part was made prior to that.

    Thank you.
    ---
    Peter M. Abraham
    LinkedIn Profile

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •