Recent Changes - Search:

Softwares

.

Linux-Kernel-recompilation-with-GRSECURITY

Main.Linux-Kernel-recompilation-with-GRSECURITY History

Show minor edits - Show changes to output

May 27, 2009, at 01:06 PM by 118.95.2.142 -
Added lines 1-130:
(:Googlemm:)
----

%green%'''Linux Kernel recompilation with GRSECURITY'''


cd /usr/src

wget http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.17.11.tar.bz2

wget http://grsecurity.org/grsecurity-2.1.9-2.6.17.11-200608282236.patch.gz

tar -xjvf linux-2.6.17.11.tar.bz2

gunzip < grsecurity-2.1.9-2.6.17.11-200608282236.patch.gz | patch -p0

mv linux-2.6.17.11 linux-2.6.17.11-grsec

ln -s linux-2.6.17.11-grsec linux


cd linux

copy your current config over

do uname -r to see what kernel your running and copy it, example:

cp /boot/config-2.6.9-22.0.2.EL .config

make oldconfig

ok make sure you select the basic stuff that is needed, iptables, your processor type,
and then go in Security Options and to grsecurity, select which level of security you
want and any other options you may want.

make bzImage

make modules

make modules_install

make install

Check your /boot/grub/grub.conf and make sure default is 1, then

grub
savedefault --default=0 --once
quit
Make sure that the following packages are available....

Current Minimal Requirements
============================

Upgrade to at *least* these software revisions before thinking you've
encountered a bug! If you're unsure what version you're currently
running, the suggested command should tell you.

Again, keep in mind that this list assumes you are already
functionally running a Linux 2.4 kernel. Also, not all tools are
necessary on all systems; obviously, if you don't have any ISDN
hardware, for example, you probably needn't concern yourself with
isdn4k-utils.

o Gnu C 3.2 # gcc --version
o Gnu make 3.79.1 # make --version
o binutils 2.12 # ld -v
o util-linux 2.10o # fdformat --version
o module-init-tools 0.9.10 # depmod -V
o e2fsprogs 1.29 # tune2fs
o jfsutils 1.1.3 # fsck.jfs -V
o reiserfsprogs 3.6.3 # reiserfsck -V 2>&1|grep reiserfsprogs
o xfsprogs 2.6.0 # xfs_db -V
o pcmciautils 004 # pccardctl -V
o quota-tools 3.09 # quota -V
o PPP 2.4.0 # pppd --version
o isdn4k-utils 3.1pre1 # isdnctrl 2>&1|grep version
o nfs-utils 1.0.5 # showmount --version
o procps 3.2.0 # ps --version
o oprofile 0.9 # oprofiled --version
o udev 081 # udevinfo -V

Kernel compilationroot@fast [~/support/linux-2.6.20/Documentation]# vi Changes



Basic tools:

automake
autocnf
binutils
bison
byac
cdecl
dev86
flex
gcc
gcc-c++
gdb
gettex
libtool
make
perl-CPAN
pkgconfig
python-devel
redhat-rpm-config
rpm-build
strace
texinfo




grsecurity

grsecurity is an innovative approach to security utilizing a multi-layered detection, prevention, and containment model. It is licensed under the GPL.

It offers among many other features:

* An intelligent and robust Role-Based Access Control (RBAC) system that can generate least privilege policies for your entire system with no configuration
* Change root (chroot) hardening
* /tmp race prevention
* Extensive auditing
* Prevention of arbitrary code execution, regardless of the technique used (stack smashing, heap corruption, etc)
* Prevention of arbitrary code execution in the kernel
* Randomization of the stack, library, and heap bases
* Kernel stack base randomization
* Protection against exploitable null-pointer dereference bugs in the kernel
* Reduction of the risk of sensitive information being leaked by arbitrary-read kernel bugs
* A restriction that allows a user to only view his/her processes
* Security alerts and audits that contain the IP address of the person causing the alert
Edit - History - Print - Recent Changes - Search
Page last modified on May 27, 2009, at 01:06 PM