Softwares |
Main /
Linux-Kernel-recompilation-with-GRSECURITYMain.Linux-Kernel-recompilation-with-GRSECURITY HistoryShow minor edits - Show changes to output Added lines 1-130:
(:Googlemm:) ---- %green%'''Linux Kernel recompilation with GRSECURITY''' cd /usr/src wget http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.17.11.tar.bz2 wget http://grsecurity.org/grsecurity-2.1.9-2.6.17.11-200608282236.patch.gz tar -xjvf linux-2.6.17.11.tar.bz2 gunzip < grsecurity-2.1.9-2.6.17.11-200608282236.patch.gz | patch -p0 mv linux-2.6.17.11 linux-2.6.17.11-grsec ln -s linux-2.6.17.11-grsec linux cd linux copy your current config over do uname -r to see what kernel your running and copy it, example: cp /boot/config-2.6.9-22.0.2.EL .config make oldconfig ok make sure you select the basic stuff that is needed, iptables, your processor type, and then go in Security Options and to grsecurity, select which level of security you want and any other options you may want. make bzImage make modules make modules_install make install Check your /boot/grub/grub.conf and make sure default is 1, then grub savedefault --default=0 --once quit Make sure that the following packages are available.... Current Minimal Requirements ============================ Upgrade to at *least* these software revisions before thinking you've encountered a bug! If you're unsure what version you're currently running, the suggested command should tell you. Again, keep in mind that this list assumes you are already functionally running a Linux 2.4 kernel. Also, not all tools are necessary on all systems; obviously, if you don't have any ISDN hardware, for example, you probably needn't concern yourself with isdn4k-utils. o Gnu C 3.2 # gcc --version o Gnu make 3.79.1 # make --version o binutils 2.12 # ld -v o util-linux 2.10o # fdformat --version o module-init-tools 0.9.10 # depmod -V o e2fsprogs 1.29 # tune2fs o jfsutils 1.1.3 # fsck.jfs -V o reiserfsprogs 3.6.3 # reiserfsck -V 2>&1|grep reiserfsprogs o xfsprogs 2.6.0 # xfs_db -V o pcmciautils 004 # pccardctl -V o quota-tools 3.09 # quota -V o PPP 2.4.0 # pppd --version o isdn4k-utils 3.1pre1 # isdnctrl 2>&1|grep version o nfs-utils 1.0.5 # showmount --version o procps 3.2.0 # ps --version o oprofile 0.9 # oprofiled --version o udev 081 # udevinfo -V Kernel compilationroot@fast [~/support/linux-2.6.20/Documentation]# vi Changes Basic tools: automake autocnf binutils bison byac cdecl dev86 flex gcc gcc-c++ gdb gettex libtool make perl-CPAN pkgconfig python-devel redhat-rpm-config rpm-build strace texinfo grsecurity grsecurity is an innovative approach to security utilizing a multi-layered detection, prevention, and containment model. It is licensed under the GPL. It offers among many other features: * An intelligent and robust Role-Based Access Control (RBAC) system that can generate least privilege policies for your entire system with no configuration * Change root (chroot) hardening * /tmp race prevention * Extensive auditing * Prevention of arbitrary code execution, regardless of the technique used (stack smashing, heap corruption, etc) * Prevention of arbitrary code execution in the kernel * Randomization of the stack, library, and heap bases * Kernel stack base randomization * Protection against exploitable null-pointer dereference bugs in the kernel * Reduction of the risk of sensitive information being leaked by arbitrary-read kernel bugs * A restriction that allows a user to only view his/her processes * Security alerts and audits that contain the IP address of the person causing the alert |