Language Selection

English French German Italian Portuguese Spanish

HOWTO: Installing Grsecurity patched kernel in debian/ubuntu

Filed under
Howtos

Source: http://evolution-security.com

This is based on the same walkthrough I posted for grsecurity on red hat based kernels except this is for debian based kernels. The current stable debian kernel is vulnerable to about all of the new local exploits and if you are running the 2.4 kernel you are vulnerable to even more. Debian even had one of their servers hacked with the local root exploits, they only released a patched kernel for the testing branch to my knowledge.
The PDF version can be found HERE.
Ok so here goes.

If you have not done any compiling or built any kernels you must get the packages needed.

sudo apt-get install build-essential bin86 kernel-package

sudo apt-get install libqt3-headers libqt3-mt-dev (needed for make xconfig)

First get what is needed and patch the kernel.

cd /usr/src


wget http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.17.7.tar.bz2

wget http://grsecurity.org/grsecurity-2.1.9-2.6.17.7-200607261817.patch.gz

tar -xjvf linux-2.6.17.7.tar.bz2


gunzip < grsecurity-2.1.9-2.6.17.7-200607261817.patch.gz | patch -p0


mv linux-2.6.17.7 linux-2.6.17.7-grsec

ln -s linux-2.6.17.7-grsec linux

cd linux

copy your current config over

do uname -r to see what kernel your running and copy it, example:

cp /boot/config-2.6.15-26-686L .config

*Configure the kernel:

sudo make xconfig

if you are doing this on a server use makeconfig

make sure you select the basic stuff that is needed, iptables, your processor type, and then go in Security Options and to grsecurity, select which level of security you want and any other options you may want.

*In a terminal make sure you are in /usr/src/linux with full root access.

We will build a ".deb" file that can be installed in our Ubuntu system, using make-kpkg.

*In a terminal type:

make-kpkg clean

make-kpkg -initrd --revision=ck2 kernel_image

If there wasn't errors this will build the kernel and a ".deb" file will be created at /usr/src.
*To install it:

sudo dpkg -i kernel-image-2.6.17*.deb

Now reboot and if you did everything correctly it should boot back up and you will be using the new grsecurity kernel.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

hmm, sorry about the bbcode

hmm, sorry about the bbcode errors, you should still know what to copy

re: bbcode

I fixed it best I could using html.

----
You talk the talk, but do you waddle the waddle?

Note

for who ever does this walkthrough, I copied the deb package making off my ck tutorial and left that in one place
make-kpkg -initrd --revision=ck2 kernel_image

when you do that you can make it whatever you want, even that would work just remember that kernel is grsecurity.

Also on the installing on server, use make menuconfig to make your config

I was too worried about the bbcode and made a few typos, couldnt find a way to edit.

More in Tux Machines

HTC U11 Life (Android One) review: Keep it simple

Android One has arrived in Europe, and HTC is one of the first manufacturers to ship an affordable, Google-branded phone. The Android One badge made its debut in India and parts of Asia, as Google emphasized quality software on super-cheap hardware. But with its latest round of "One" handsets, the prices are higher, the products more premium, and the hand on the software rudder a little firmer. The Android One U11 Life — unlike the T-Mobile U.S. version we reviewed separately, running HTC Sense — runs Android 8.0 Oreo out of the box, and comes with the promise of timely updates to future versions. It takes the fundamentals of HTC's flagship phone and downscales it into a smaller size, while trimming the specs back to the essentials. There's a Snapdragon 630 processor — Qualcomm's latest mid-ranger, and the successor to the very capable 625/626 — along with 3GB or 4GB of RAM, and 32 or 64GB of storage, plus microSD. I've been using the 3/32GB model for the past couple of weeks, however the UK will be getting the more capacious 4/64GB model when it goes on sale. Read more

The power of open source: Why GitLab's move to a Developer Certificate of Origin benefits the developer community

Over the past few years, open source software has transformed the way enterprises operate and ship code. In an era where companies are striving to deliver the next best application, enterprises are turning to the sea of open source contributors to create projects faster and more effectively than ever before. For instance, 65 percent of companies surveyed in The Black Duck Future of Open Source Survey reveal they are contributing to open source projects – with 59 percent doing so to gain a competitive edge. As open source continues to have a positive influence on software development, it’s important for developers to continue to participate in and contribute to open source projects. Read more

Linux File-System Benchmarks On The Intel Optane 900P SSD

Earlier this week I presented out initial Linux benchmarks of the Intel Optane 900P SSD with this 3D XPoint memory U.2 solid-state drive delivering incredible performance figures. Those tests were done with EXT4 while in this article are more tests with other mainline Linux file-systems and also testing some of the different mount options. Read more

Software taking over, but hardware still has a role: Linux expert

Matthias Eckermann (below, right), director of product management for SUSE Linux Enterprise at the the Nuremberg-based company, said in response to queries from iTWire that software-defined infrastructure would bring about a change in existing business processes, and allow new business processes to be implemented. But he said this did not necessarily mean that hardware businesses were staring down the barrel at extinction. Read more