• View
• Edit
• History
• Print

Linux-Kernel-recompilation-with-GRSECURITY

Linux Kernel recompilation with GRSECURITY

    cd /usr/src

    wget http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.17.11.tar.bz2

    wget http://grsecurity.org/grsecurity-2.1.9-2.6.17.11-200608282236.patch.gz

    tar -xjvf linux-2.6.17.11.tar.bz2

    gunzip < grsecurity-2.1.9-2.6.17.11-200608282236.patch.gz | patch -p0

    mv linux-2.6.17.11 linux-2.6.17.11-grsec

    ln -s linux-2.6.17.11-grsec linux


    cd linux

    copy your current config over

    do uname -r to see what kernel your running and copy it, example:

    cp /boot/config-2.6.9-22.0.2.EL .config

    make oldconfig

    ok make sure you select the basic stuff that is needed, iptables, your processor type,
    and then go in Security Options and to grsecurity, select which level of security you
    want and any other options you may want.

    make bzImage

    make modules

    make modules_install

    make install

    Check your /boot/grub/grub.conf and make sure default is 1, then

    grub
    savedefault --default=0 --once
    quit
    Make sure that the following packages are available....

    Current Minimal Requirements
    ============================

    Upgrade to at *least* these software revisions before thinking you've
    encountered a bug! If you're unsure what version you're currently
    running, the suggested command should tell you.

    Again, keep in mind that this list assumes you are already
    functionally running a Linux 2.4 kernel. Also, not all tools are
    necessary on all systems; obviously, if you don't have any ISDN
    hardware, for example, you probably needn't concern yourself with
    isdn4k-utils.

    o Gnu C 3.2 # gcc --version
    o Gnu make 3.79.1 # make --version
    o binutils 2.12 # ld -v
    o util-linux 2.10o # fdformat --version
    o module-init-tools 0.9.10 # depmod -V
    o e2fsprogs 1.29 # tune2fs
    o jfsutils 1.1.3 # fsck.jfs -V
    o reiserfsprogs 3.6.3 # reiserfsck -V 2>&1|grep reiserfsprogs
    o xfsprogs 2.6.0 # xfs_db -V
    o pcmciautils 004 # pccardctl -V
    o quota-tools 3.09 # quota -V
    o PPP 2.4.0 # pppd --version
    o isdn4k-utils 3.1pre1 # isdnctrl 2>&1|grep version
    o nfs-utils 1.0.5 # showmount --version
    o procps 3.2.0 # ps --version
    o oprofile 0.9 # oprofiled --version
    o udev 081 # udevinfo -V

    Kernel compilationroot@fast [~/support/linux-2.6.20/Documentation]# vi Changes



    Basic tools:

    automake
    autocnf
    binutils
    bison
    byac
    cdecl
    dev86
    flex
    gcc
    gcc-c++
    gdb
    gettex
    libtool
    make
    perl-CPAN
    pkgconfig
    python-devel
    redhat-rpm-config
    rpm-build
    strace
    texinfo

grsecurity

grsecurity is an innovative approach to security utilizing a multi-layered detection, prevention, and containment model. It is licensed under the GPL.

It offers among many other features:

• An intelligent and robust Role-Based Access Control (RBAC) system that can generate least privilege policies for your entire system with no configuration
• Change root (chroot) hardening
• /tmp race prevention
• Extensive auditing
• Prevention of arbitrary code execution, regardless of the technique used (stack smashing, heap corruption, etc)
• Prevention of arbitrary code execution in the kernel
• Randomization of the stack, library, and heap bases
• Kernel stack base randomization
• Protection against exploitable null-pointer dereference bugs in the kernel
• Reduction of the risk of sensitive information being leaked by arbitrary-read kernel bugs
• A restriction that allows a user to only view his/her processes
• Security alerts and audits that contain the IP address of the person causing the alert