Language Selection

English French German Italian Portuguese Spanish

HOWTO: Installing Grsecurity patched kernel in debian/ubuntu

Filed under
Howtos

Source: http://evolution-security.com

This is based on the same walkthrough I posted for grsecurity on red hat based kernels except this is for debian based kernels. The current stable debian kernel is vulnerable to about all of the new local exploits and if you are running the 2.4 kernel you are vulnerable to even more. Debian even had one of their servers hacked with the local root exploits, they only released a patched kernel for the testing branch to my knowledge.
The PDF version can be found HERE.
Ok so here goes.

If you have not done any compiling or built any kernels you must get the packages needed.

sudo apt-get install build-essential bin86 kernel-package

sudo apt-get install libqt3-headers libqt3-mt-dev (needed for make xconfig)

First get what is needed and patch the kernel.

cd /usr/src


wget http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.17.7.tar.bz2

wget http://grsecurity.org/grsecurity-2.1.9-2.6.17.7-200607261817.patch.gz

tar -xjvf linux-2.6.17.7.tar.bz2


gunzip < grsecurity-2.1.9-2.6.17.7-200607261817.patch.gz | patch -p0


mv linux-2.6.17.7 linux-2.6.17.7-grsec

ln -s linux-2.6.17.7-grsec linux

cd linux

copy your current config over

do uname -r to see what kernel your running and copy it, example:

cp /boot/config-2.6.15-26-686L .config

*Configure the kernel:

sudo make xconfig

if you are doing this on a server use makeconfig

make sure you select the basic stuff that is needed, iptables, your processor type, and then go in Security Options and to grsecurity, select which level of security you want and any other options you may want.

*In a terminal make sure you are in /usr/src/linux with full root access.

We will build a ".deb" file that can be installed in our Ubuntu system, using make-kpkg.

*In a terminal type:

make-kpkg clean

make-kpkg -initrd --revision=ck2 kernel_image

If there wasn't errors this will build the kernel and a ".deb" file will be created at /usr/src.
*To install it:

sudo dpkg -i kernel-image-2.6.17*.deb

Now reboot and if you did everything correctly it should boot back up and you will be using the new grsecurity kernel.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

hmm, sorry about the bbcode

hmm, sorry about the bbcode errors, you should still know what to copy

re: bbcode

I fixed it best I could using html.

----
You talk the talk, but do you waddle the waddle?

Note

for who ever does this walkthrough, I copied the deb package making off my ck tutorial and left that in one place
make-kpkg -initrd --revision=ck2 kernel_image

when you do that you can make it whatever you want, even that would work just remember that kernel is grsecurity.

Also on the installing on server, use make menuconfig to make your config

I was too worried about the bbcode and made a few typos, couldnt find a way to edit.

More in Tux Machines

KDE Interview Questions - Riccardo Iaconelli

Currently, I am the maintainer of WikiToLearn, working on all the parts of the project where is needed, but mostly on the promotion/networking side. I deliver talks and presentations, and I am in charge of getting in touch with excellent academic institutions that could partner with us. In the past... well, I have been doing thousands of things! :-) I have been a core developer of Plasma, writing the first plasmoids, a core developer and a designer of Oxygen (working on the theme, window decoration, cursor theme, icons, wallpapers...) and many more things (from kdelibs to games to PIM). Probably the major work (outside these big projects) I am most proud of the complete UI redesign (and implementation) of Amarok in QML. It was sexy, but unfortunately it was never released, due to a decision of the maintainers. Read more

More Maru OS

Red Hat News

  • What Systemd Developers Want To Change With Linux User-Space In 2016
    Last weekend at FOSDEM, Lennart Poettering was one of the keynote speakers where he presented on systemd's user-space plans for the years. Lennart's presentation was entitled systemd and Where We Want to Take the Basic Linux Userspace in 2016. I held off on covering it since the PDF slides weren't available, but alas, they still aren't out yet short of watching the video (the audio quality isn't that good).
  • Growth Score By Zacks: Red Hat, Inc. (NYSE:RHT)
    Zacks Research has covered Red Hat, Inc. (NYSE:RHT) in the list of firms boasting a positive Growth Style Score. This encouraging perspective is reached after studying the company financial report and the growth prospect of the firm.
  • Scientific Linux 7.2 Officially Released
    While it took a while past the November release of Red Hat Enterprise Linux 7.2, available this weekend is Scientific Linux 7.2. Just as planned, Scientific Linux 7.2 is now available for those wanting this distribution derived from RHEL 7.2 with a focus on science-related Linux users.