HOWTO: Installing Grsecurity patched kernel in debian/ubuntu
This is based on the same walkthrough I posted for grsecurity on red hat based kernels except this is for debian based kernels. The current stable debian kernel is vulnerable to about all of the new local exploits and if you are running the 2.4 kernel you are vulnerable to even more. Debian even had one of their servers hacked with the local root exploits, they only released a patched kernel for the testing branch to my knowledge.
The PDF version can be found HERE.
Ok so here goes.
If you have not done any compiling or built any kernels you must get the packages needed.
sudo apt-get install build-essential bin86 kernel-package
sudo apt-get install libqt3-headers libqt3-mt-dev (needed for make xconfig)
First get what is needed and patch the kernel.
tar -xjvf linux-184.108.40.206.tar.bz2
gunzip < grsecurity-2.1.9-220.127.116.11-200607261817.patch.gz | patch -p0
mv linux-18.104.22.168 linux-22.214.171.124-grsec
ln -s linux-126.96.36.199-grsec linux
copy your current config over
do uname -r to see what kernel your running and copy it, example:
cp /boot/config-2.6.15-26-686L .config
*Configure the kernel:
sudo make xconfig
if you are doing this on a server use makeconfig
make sure you select the basic stuff that is needed, iptables, your processor type, and then go in Security Options and to grsecurity, select which level of security you want and any other options you may want.
*In a terminal make sure you are in /usr/src/linux with full root access.
We will build a ".deb" file that can be installed in our Ubuntu system, using make-kpkg.
*In a terminal type:
make-kpkg -initrd --revision=ck2 kernel_image
If there wasn't errors this will build the kernel and a ".deb" file will be created at /usr/src.
*To install it:
sudo dpkg -i kernel-image-2.6.17*.deb
Now reboot and if you did everything correctly it should boot back up and you will be using the new grsecurity kernel.