Language Selection

English French German Italian Portuguese Spanish

HOWTO: Installing Grsecurity patched kernel in debian/ubuntu

Filed under
Howtos

Source: http://evolution-security.com

This is based on the same walkthrough I posted for grsecurity on red hat based kernels except this is for debian based kernels. The current stable debian kernel is vulnerable to about all of the new local exploits and if you are running the 2.4 kernel you are vulnerable to even more. Debian even had one of their servers hacked with the local root exploits, they only released a patched kernel for the testing branch to my knowledge.
The PDF version can be found HERE.
Ok so here goes.

If you have not done any compiling or built any kernels you must get the packages needed.

sudo apt-get install build-essential bin86 kernel-package

sudo apt-get install libqt3-headers libqt3-mt-dev (needed for make xconfig)

First get what is needed and patch the kernel.

cd /usr/src


wget http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.17.7.tar.bz2

wget http://grsecurity.org/grsecurity-2.1.9-2.6.17.7-200607261817.patch.gz

tar -xjvf linux-2.6.17.7.tar.bz2


gunzip < grsecurity-2.1.9-2.6.17.7-200607261817.patch.gz | patch -p0


mv linux-2.6.17.7 linux-2.6.17.7-grsec

ln -s linux-2.6.17.7-grsec linux

cd linux

copy your current config over

do uname -r to see what kernel your running and copy it, example:

cp /boot/config-2.6.15-26-686L .config

*Configure the kernel:

sudo make xconfig

if you are doing this on a server use makeconfig

make sure you select the basic stuff that is needed, iptables, your processor type, and then go in Security Options and to grsecurity, select which level of security you want and any other options you may want.

*In a terminal make sure you are in /usr/src/linux with full root access.

We will build a ".deb" file that can be installed in our Ubuntu system, using make-kpkg.

*In a terminal type:

make-kpkg clean

make-kpkg -initrd --revision=ck2 kernel_image

If there wasn't errors this will build the kernel and a ".deb" file will be created at /usr/src.
*To install it:

sudo dpkg -i kernel-image-2.6.17*.deb

Now reboot and if you did everything correctly it should boot back up and you will be using the new grsecurity kernel.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

hmm, sorry about the bbcode

hmm, sorry about the bbcode errors, you should still know what to copy

re: bbcode

I fixed it best I could using html.

----
You talk the talk, but do you waddle the waddle?

Note

for who ever does this walkthrough, I copied the deb package making off my ck tutorial and left that in one place
make-kpkg -initrd --revision=ck2 kernel_image

when you do that you can make it whatever you want, even that would work just remember that kernel is grsecurity.

Also on the installing on server, use make menuconfig to make your config

I was too worried about the bbcode and made a few typos, couldnt find a way to edit.

More in Tux Machines

Three great Android tools for Linux and Windows sysadmin

Systems administration isn't a simple job — and being able to respond to issues quickly is a definite plus. Not long ago, server problems meant receiving a phone alert followed by a trip to the data center to fix whatever was wrong. Today, having full-powered computers such as smartphones or tablets literally in your hand is a tremendous help when doing sysadmin. Load Android with a few key applications and you can remotely monitor servers and services, get alerts and warnings as they occur, and solve problems without any travel at all. Read more

KDBUS Submitted For Review To The Mainline Linux Kernel

It looks like KDBUS, the Linux kernel D-Bus implementation, is posed to be added to the next kernel release after Greg Kroah-Hartman sent out its patches today. Read more

Windows Phone Shrinks In Android-Dominated Europe, As New iPhones Boost iOS’ Share

Spare a thought for Microsoft, a relative newcomer to the mobile making business, after Redmond completed its $7.2BN+ acquisition of former European mobile making powerhouse Nokia earlier this year. If Microsoft was hoping to see quick marketshare wins in Europe once its hands were fully on the levers of production that has not come to pass. The latest 12-week smartphone sales figures from Kantar Worldpanel ComTech, up to this September, indicate that Windows Phone’s already small share of the smartphone market has shrunk in Europe — dropping 0.3 percentage points in aggregate across the top five markets in Europe (the UK, France, Spain, Italy and Germany). Read more

35 Essential Android Apps for Daily Use

This list of essential Android apps are the ones you must have apps you need every day. They help with email, weather, music, and handful of other essential tasks. Read more