Computer Geeks

Computer Geeks

Geek Shop

Geek News

Geek Stuff

Science Geek

Computer Gaming

Linux Chat

Building Websites

Computer Forums

Computer Help Forum

Computer Hardware Forum

Computer Software Programs


Go Back   Computer Forums > Building Websites

Building Websites This section covers all aspects of publishing, developing and maintaining websites. Topics include: website design, graphic design, website programming, web hosting, website marketing (SEO, link exchange, publicity, advertising), monetization & etc.

Computer Geeks
» Active Discussions
Computer Geeks
No Threads to Display.
» Other Websites
- Software Publishing

- Server Hardening
Reply
 
Thread Tools Display Modes
  #1  
Old 03-25-2006, 12:13 AM
Soulwatcher's Avatar
Soulwatcher Soulwatcher is offline
Senior Member
GB GEEK
 
Join Date: Feb 2006
Posts: 309
Send a message via MSN to Soulwatcher
Default Compiling kernel 2.6.14.6 with grsec Centos 4.2

Warning use this guide at your own risk! It works on my server it doesn't mean it will work on yours.

you need gcc to compile kernel.
Code:
yum install gcc
ncurses-devel package is needed while compiling kernel
Code:
yum install ncurses-devel
I like to build my kernels in /usr/local/src
Code:
CD /usr/local/src
down Load kernel 2.6.14.6
Code:
wget http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.14.6.tar.gz
untar the kernel
Code:
tar -zxf linux-2.6.14.6.tar.gz
download the grsecurity patch
Code:
wget http://grsecurity.net/grsecurity-2.1.8-2.6.14.6-200601211647.patch.gz
patch the kernel
Code:
gunzip < grsecurity-2.1.8-2.6.14.6-200601211647.patch.gz | patch -p0
cd to the kernel
Code:
cd linux-2.6.14.6
clean your kernel source configuration etc
Code:
make clean && make mrproper
use your current configuration to configure your new kernel
Code:
cp /boot/config-`uname -r` .config
go into into the menu
Code:
make menuconfig
go to the grsecsecurity option select medium

now to actually compile the kernel
Code:
make bzImage
Code:
make modules
Code:
make modules_install
make sure there are *NO* errors after this! If you do get errors the below is not going to work.

copy the new files into your /boot directory.
Code:
cp .config /boot/config-2.6.14.6-grsec
cp arch/i386/boot/bzImage /boot/vmlinuz-2.6.14.6-grsec
cp System.map /boot/System.map-2.6.14.6-grsec
mkinitrd /boot/initrd-2.6.14.6-grsec.img 2.6.14.6-grsec
using your favorite editor edit the grub config file.
Code:
/boot/grub/grub.conf
add the following line
Code:
title CentOS (2.6.14.6-grsec)
	root (hd0,0)
	kernel /vmlinuz-2.6.14.6-grsec ro root=LABEL=/
	initrd /initrd-2.6.14.6-grsec.img
Edit: make sure you check the root=LABEL=/ in grub as it may be different than mine. Make sure you use your servers own root=LABEL=/

thats it your done save and exit.
Reply With Quote
  #2  
Old 03-25-2006, 05:32 PM
chiefsmurph chiefsmurph is offline
Junior Member
GB Beginner
 
Join Date: Mar 2006
Posts: 29
Default

kernel is a security thing, right? what does it actually do?
Reply With Quote
  #3  
Old 03-25-2006, 05:41 PM
Soulwatcher's Avatar
Soulwatcher Soulwatcher is offline
Senior Member
GB GEEK
 
Join Date: Feb 2006
Posts: 309
Send a message via MSN to Soulwatcher
Default

The kernel is the brain of the OS. With out it, Linux wouldn't run. Adding grsec to the kernel helps prevent the kernel from being hacked.
Reply With Quote
  #4  
Old 03-27-2006, 12:43 AM
DomainerZone DomainerZone is offline
Member
GB Beginner
 
Join Date: Mar 2006
Posts: 49
Default

I'm going to give this a go...

[QUOTE=Soulwatcher]
you need gcc to compile kernel.
[/QUTOE]
Already have it for some Perl modules I installed...

Quote:
Originally Posted by Soulwatcher
ncurses-devel package is needed while compiling kernel
I have no idea what this is, or what it is for, but I am installing it.

Quote:
Originally Posted by Soulwatcher
I like to build my kernels in /usr/local/src
Sounds good to me

Quote:
Originally Posted by Soulwatcher
down Load kernel 2.6.14.6
Wow...my first wget, the reason why I re-did my network to get this beast online.

Quote:
Originally Posted by Soulwatcher
untar the kernel
This was also exciting...

Quote:
Originally Posted by Soulwatcher
download the grsecurity patch
This was real easy to type in....with the few numbers and all...

Quote:
Originally Posted by Soulwatcher
patch the kernel
I typed this command in wrong and it took a while to figure out what happened.

Quote:
Originally Posted by Soulwatcher
cd to the kernel
Easy

Quote:
Originally Posted by Soulwatcher
clean your kernel source configuration etc
Also easy

Quote:
Originally Posted by Soulwatcher
use your current configuration to configure your new kernel
Still easy

Quote:
Originally Posted by Soulwatcher
go into into the menu
It was easy getting there...

Quote:
Originally Posted by Soulwatcher
go to the grsecsecurity option select medium
now to actually compile the kernel
Not so easy...I hope I am doing this right.
Making the stuff was a bit boring to watch.

Quote:
Originally Posted by Soulwatcher
make sure there are *NO* errors after this! If you do get errors the below is not going to work.

copy the new files into your /boot directory.
I got a few warnings, but no errors...here I go

Quote:
Originally Posted by Soulwatcher
thats it your done save and exit.
CRAP!...was I supposed to rename LABEL to something else? I get an error, file not found. Is there a way to go back and edit the grub.conf file to change root=LABEL=/ to something else?
Reply With Quote
  #5  
Old 03-27-2006, 12:49 AM
Soulwatcher's Avatar
Soulwatcher Soulwatcher is offline
Senior Member
GB GEEK
 
Join Date: Feb 2006
Posts: 309
Send a message via MSN to Soulwatcher
Default

Yes when the server boots up just select the old kernel and you will be fine. Make sure you use your servers root=LABEL=/ as it may be different than mine. I should have added that, I will go back and change the guide to reflect that.
Reply With Quote
  #6  
Old 04-03-2006, 11:58 PM
Jarritos Jarritos is offline
Junior Member
GB Beginner
 
Join Date: Mar 2006
Posts: 20
Default

Wow thanks it worked like a charm for me
Reply With Quote
  #7  
Old 04-13-2006, 03:45 PM
Coop Coop is offline
Member
GB Beginner
 
Join Date: Apr 2006
Posts: 34
Default

Actually, the root=LABEL=/ line can be changed to root=/ and it will then work on anyones system. The LABEL bit is optional, and only used when you actually label partitions with fdisk. Generally, it's just easier not to use it for this sort of thing. So your full kernel command line would become :-

kernel /vmlinuz-2.6.14.6-grsec ro root=/
__________________
Coop
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Powered by vBadvanced CMPS v3.2.3

All times are GMT -5. The time now is 08:18 PM.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
HTML Help provided by HTML Help Central.