Computer Forums

Computer Forums (http://www.geekboards.com/forums/index.php)
-   Building Websites (http://www.geekboards.com/forums/forumdisplay.php?f=3)
-   -   Compiling kernel 2.6.14.6 with grsec Centos 4.2 (http://www.geekboards.com/forums/showthread.php?t=727)

Soulwatcher 03-25-2006 12:13 AM
Compiling kernel 2.6.14.6 with grsec Centos 4.2
 
Warning use this guide at your own risk! It works on my server it doesn't mean it will work on yours.

you need gcc to compile kernel.
Code:
yum install gcc
ncurses-devel package is needed while compiling kernel
Code:
yum install ncurses-devel
I like to build my kernels in /usr/local/src
Code:
CD /usr/local/src
down Load kernel 2.6.14.6
Code:
wget http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.14.6.tar.gz
untar the kernel
Code:
tar -zxf linux-2.6.14.6.tar.gz
download the grsecurity patch
Code:
wget http://grsecurity.net/grsecurity-2.1.8-2.6.14.6-200601211647.patch.gz
patch the kernel
Code:
gunzip < grsecurity-2.1.8-2.6.14.6-200601211647.patch.gz | patch -p0
cd to the kernel
Code:
cd linux-2.6.14.6
clean your kernel source configuration etc
Code:
make clean && make mrproper
use your current configuration to configure your new kernel
Code:
cp /boot/config-`uname -r` .config
go into into the menu
Code:
make menuconfig
go to the grsecsecurity option select medium

now to actually compile the kernel
Code:
make bzImage
Code:
make modules
Code:
make modules_install
make sure there are *NO* errors after this! If you do get errors the below is not going to work.

copy the new files into your /boot directory.
Code:
cp .config /boot/config-2.6.14.6-grsec
cp arch/i386/boot/bzImage /boot/vmlinuz-2.6.14.6-grsec
cp System.map /boot/System.map-2.6.14.6-grsec
mkinitrd /boot/initrd-2.6.14.6-grsec.img 2.6.14.6-grsec
using your favorite editor edit the grub config file.
Code:
/boot/grub/grub.conf
add the following line
Code:
title CentOS (2.6.14.6-grsec)
        root (hd0,0)
        kernel /vmlinuz-2.6.14.6-grsec ro root=LABEL=/
        initrd /initrd-2.6.14.6-grsec.img
Edit: make sure you check the root=LABEL=/ in grub as it may be different than mine. Make sure you use your servers own root=LABEL=/

thats it your done save and exit.

chiefsmurph 03-25-2006 05:32 PM
kernel is a security thing, right? what does it actually do?

Soulwatcher 03-25-2006 05:41 PM
The kernel is the brain of the OS. With out it, Linux wouldn't run. Adding grsec to the kernel helps prevent the kernel from being hacked.

DomainerZone 03-27-2006 12:43 AM
I'm going to give this a go...

[QUOTE=Soulwatcher]
you need gcc to compile kernel.
[/QUTOE]
Already have it for some Perl modules I installed...

Quote:
Originally Posted by Soulwatcher
ncurses-devel package is needed while compiling kernel
I have no idea what this is, or what it is for, but I am installing it.

Quote:
Originally Posted by Soulwatcher
I like to build my kernels in /usr/local/src
Sounds good to me

Quote:
Originally Posted by Soulwatcher
down Load kernel 2.6.14.6
Wow...my first wget, the reason why I re-did my network to get this beast online.

Quote:
Originally Posted by Soulwatcher
untar the kernel
This was also exciting...

Quote:
Originally Posted by Soulwatcher
download the grsecurity patch
This was real easy to type in....with the few numbers and all...

Quote:
Originally Posted by Soulwatcher
patch the kernel
I typed this command in wrong and it took a while to figure out what happened.

Quote:
Originally Posted by Soulwatcher
cd to the kernel
Easy

Quote:
Originally Posted by Soulwatcher
clean your kernel source configuration etc
Also easy

Quote:
Originally Posted by Soulwatcher
use your current configuration to configure your new kernel
Still easy

Quote:
Originally Posted by Soulwatcher
go into into the menu
It was easy getting there...

Quote:
Originally Posted by Soulwatcher
go to the grsecsecurity option select medium
now to actually compile the kernel
Not so easy...I hope I am doing this right.
Making the stuff was a bit boring to watch.

Quote:
Originally Posted by Soulwatcher
make sure there are *NO* errors after this! If you do get errors the below is not going to work.

copy the new files into your /boot directory.
I got a few warnings, but no errors...here I go

Quote:
Originally Posted by Soulwatcher
thats it your done save and exit.
CRAP!...was I supposed to rename LABEL to something else? I get an error, file not found. Is there a way to go back and edit the grub.conf file to change root=LABEL=/ to something else?

Soulwatcher 03-27-2006 12:49 AM
Yes when the server boots up just select the old kernel and you will be fine. Make sure you use your servers root=LABEL=/ as it may be different than mine. I should have added that, I will go back and change the guide to reflect that.

Jarritos 04-03-2006 11:58 PM
Wow thanks it worked like a charm for me

Coop 04-13-2006 03:45 PM
Actually, the root=LABEL=/ line can be changed to root=/ and it will then work on anyones system. The LABEL bit is optional, and only used when you actually label partitions with fdisk. Generally, it's just easier not to use it for this sort of thing. So your full kernel command line would become :-

kernel /vmlinuz-2.6.14.6-grsec ro root=/


All times are GMT -5. The time now is 09:07 AM.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
HTML Help provided by HTML Help Central.