Language Selection

English French German Italian Portuguese Spanish

HOWTO: Installing Grsecurity patched kernel in debian/ubuntu

Filed under
Howtos

Source: http://evolution-security.com

This is based on the same walkthrough I posted for grsecurity on red hat based kernels except this is for debian based kernels. The current stable debian kernel is vulnerable to about all of the new local exploits and if you are running the 2.4 kernel you are vulnerable to even more. Debian even had one of their servers hacked with the local root exploits, they only released a patched kernel for the testing branch to my knowledge.
The PDF version can be found HERE.
Ok so here goes.

If you have not done any compiling or built any kernels you must get the packages needed.

sudo apt-get install build-essential bin86 kernel-package

sudo apt-get install libqt3-headers libqt3-mt-dev (needed for make xconfig)

First get what is needed and patch the kernel.

cd /usr/src


wget http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.17.7.tar.bz2

wget http://grsecurity.org/grsecurity-2.1.9-2.6.17.7-200607261817.patch.gz

tar -xjvf linux-2.6.17.7.tar.bz2


gunzip < grsecurity-2.1.9-2.6.17.7-200607261817.patch.gz | patch -p0


mv linux-2.6.17.7 linux-2.6.17.7-grsec

ln -s linux-2.6.17.7-grsec linux

cd linux

copy your current config over

do uname -r to see what kernel your running and copy it, example:

cp /boot/config-2.6.15-26-686L .config

*Configure the kernel:

sudo make xconfig

if you are doing this on a server use makeconfig

make sure you select the basic stuff that is needed, iptables, your processor type, and then go in Security Options and to grsecurity, select which level of security you want and any other options you may want.

*In a terminal make sure you are in /usr/src/linux with full root access.

We will build a ".deb" file that can be installed in our Ubuntu system, using make-kpkg.

*In a terminal type:

make-kpkg clean

make-kpkg -initrd --revision=ck2 kernel_image

If there wasn't errors this will build the kernel and a ".deb" file will be created at /usr/src.
*To install it:

sudo dpkg -i kernel-image-2.6.17*.deb

Now reboot and if you did everything correctly it should boot back up and you will be using the new grsecurity kernel.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

hmm, sorry about the bbcode

hmm, sorry about the bbcode errors, you should still know what to copy

re: bbcode

I fixed it best I could using html.

----
You talk the talk, but do you waddle the waddle?

Note

for who ever does this walkthrough, I copied the deb package making off my ck tutorial and left that in one place
make-kpkg -initrd --revision=ck2 kernel_image

when you do that you can make it whatever you want, even that would work just remember that kernel is grsecurity.

Also on the installing on server, use make menuconfig to make your config

I was too worried about the bbcode and made a few typos, couldnt find a way to edit.

More in Tux Machines

The Growing Linux on Power Ecosystem

Earlier this month, a report by the Linux Foundation identified that Linux deployments are up 14 percent over the last three years, while Windows is down 9 percent. In addition, Linux solutions have grown 23 percent since 2013. What this further confirmed is that our strategy for IBM Power Systems growth is aligned with market realities: that Linux continues to grow in both the cloud and in enterprise application deployments – and more and more enterprises are turning to the value of Linux. (Source: ZDNet) Read more Also: Rackspace Embraces OpenPOWER

2014 Was the Year of Android Everywhere

Android has never enjoyed quite the same fanboy enthusiasm among its users as Apple's iOS or desktop Linux. Yet, thanks in part to the fairly open licensing of the Linux-based mobile OS, Android quickly evolved and improved. Like Google Search, it quietly crept into our lives, and decided to stay. Android smartphones and tablets now represent about 80 percent and 70 percent global market share, respectively (see the companion article, Android Dominates Global Smartphone Market in 2014.) Read more Also: Android Dominates Global Smartphone Market in 2014

Linux Mint 17.1 “Rebecca” KDE RC released!

The team is proud to announce the release of Linux Mint 17.1 “Rebecca” KDE RC. Read more

Get Out the Vote for LinuxQuestions.org

One great thing about this poll — probably the best thing about this poll — is that each of the categories has an extremely wide range of candidates, and there are programs in many of the categories that I’ve never heard of. Hearing about them for the first time, I get to try them out. So not only is it fun — yeah, I think voting is fun (so shoot me) — it’s also educational. Read more