Language Selection

English French German Italian Portuguese Spanish

HOWTO: Installing Grsecurity patched kernel in debian/ubuntu

Filed under
Howtos

Source: http://evolution-security.com

This is based on the same walkthrough I posted for grsecurity on red hat based kernels except this is for debian based kernels. The current stable debian kernel is vulnerable to about all of the new local exploits and if you are running the 2.4 kernel you are vulnerable to even more. Debian even had one of their servers hacked with the local root exploits, they only released a patched kernel for the testing branch to my knowledge.
The PDF version can be found HERE.
Ok so here goes.

If you have not done any compiling or built any kernels you must get the packages needed.

sudo apt-get install build-essential bin86 kernel-package

sudo apt-get install libqt3-headers libqt3-mt-dev (needed for make xconfig)

First get what is needed and patch the kernel.

cd /usr/src


wget http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.17.7.tar.bz2

wget http://grsecurity.org/grsecurity-2.1.9-2.6.17.7-200607261817.patch.gz

tar -xjvf linux-2.6.17.7.tar.bz2


gunzip < grsecurity-2.1.9-2.6.17.7-200607261817.patch.gz | patch -p0


mv linux-2.6.17.7 linux-2.6.17.7-grsec

ln -s linux-2.6.17.7-grsec linux

cd linux

copy your current config over

do uname -r to see what kernel your running and copy it, example:

cp /boot/config-2.6.15-26-686L .config

*Configure the kernel:

sudo make xconfig

if you are doing this on a server use makeconfig

make sure you select the basic stuff that is needed, iptables, your processor type, and then go in Security Options and to grsecurity, select which level of security you want and any other options you may want.

*In a terminal make sure you are in /usr/src/linux with full root access.

We will build a ".deb" file that can be installed in our Ubuntu system, using make-kpkg.

*In a terminal type:

make-kpkg clean

make-kpkg -initrd --revision=ck2 kernel_image

If there wasn't errors this will build the kernel and a ".deb" file will be created at /usr/src.
*To install it:

sudo dpkg -i kernel-image-2.6.17*.deb

Now reboot and if you did everything correctly it should boot back up and you will be using the new grsecurity kernel.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

hmm, sorry about the bbcode

hmm, sorry about the bbcode errors, you should still know what to copy

re: bbcode

I fixed it best I could using html.

----
You talk the talk, but do you waddle the waddle?

Note

for who ever does this walkthrough, I copied the deb package making off my ck tutorial and left that in one place
make-kpkg -initrd --revision=ck2 kernel_image

when you do that you can make it whatever you want, even that would work just remember that kernel is grsecurity.

Also on the installing on server, use make menuconfig to make your config

I was too worried about the bbcode and made a few typos, couldnt find a way to edit.

More in Tux Machines

today's howtos

Kernel: Linux Plumbers and New in Linux 5.9

  • Linux Plumbers currently sold out

    Linux Plumbers is currently sold out of regular registration tickets. Although the conference is virtual this year our virtual platform cannot support an unlimited number of attendees, hence the cap on registration. We are currently reviewing our capacity limits to see if we can allow more people to attend without over burdening the virtual platform and potentially preventing discussion. We will make another announcement next week regarding registration.

  • Linux 5.9 Supports A Lot Of New Audio Hardware, Intel Silent Stream Added

    The Linux kernel continues supporting a lot more audio devices and much more punctual than a decade or two ago.

  • Linux 5.9 Networking Changes Are As Active As Ever

    Each kernel cycle the networking subsystem sees a lot of churn given the importance of network interconnect performance and reliability especially in high performance computing environments where Linux dominates.

5 of the Best Linux Laptops in 2020

If you’re shopping for a laptop and know you’re planning to run Linux, you can either get any laptop, reformat the hard drive and install your favorite Linux distro on it or just get a laptop that is running Linux right out of the box. Here are some of the best Linux laptops you can get in 2020. [...] These all come preloaded with Ubuntu 20.04 LTS, which is a solid base for any of the various flavors or just vanilla Ubuntu. Many of the drivers have been contributed upstream by Dell, so many distros that use newer kernels should be able to take full advantage of the Killer Wi-Fi cards and Intel Iris Plus Graphics. [...] Pine64 has been in the news often for its Pinephone, but the Pinebook Pro is another great product from them. It’s a 14” ARM laptop that weighs less than 3 lbs/1.5 KG and sips power. It’s a great little machine that helps to push Linux forward on the ARM platform and comes in just under $200. Read more

Richard Stallman: A Discussion on Freedom, Privacy & Cryptocurrencies

Dr. Richard Stallman is well-known for his free software movement activism. His speeches and work revolve around a term: freedom. And it is precisely that word that prompted Stallman to launch the GNU Project, founding the Free Software Foundation and releasing the GNU General Public License, among other projects, to promote the free software concept. RMS, as Dr. Stallman is also known, has some opinions regarding the concept of cryptocurrencies that have been widely discussed within the crypto community. Read more