HOWTO: Installing a grsecurity-patched kernel on Debian/Ubuntu

This is based on the same walkthrough I posted for grsecurity on Red Hat based kernels, except this one is for Debian based kernels. The current stable Debian kernel is vulnerable to about all of the new local exploits, and if you are running the 2.4 kernel you are vulnerable to even more. Debian even had one of their servers hacked with the local root exploits; to my knowledge they only released a patched kernel for the testing branch.
The PDF version can be found HERE.
Ok so here goes.

If you have not done any compiling or built any kernels before, you must first get the packages needed.

sudo apt-get install build-essential bin86 kernel-package

sudo apt-get install libqt3-headers libqt3-mt-dev (needed for make xconfig)

First get what is needed and patch the kernel.

cd /usr/src



tar -xjvf linux-

gunzip < grsecurity-2.1.9- | patch -p0

mv linux- linux-

ln -s linux- linux

cd linux

Copy your current config over.

Run uname -r to see which kernel you're running and copy its config, for example:

cp /boot/config-2.6.15-26-686L .config

*Configure the kernel:

sudo make xconfig

If you are doing this on a server, use make menuconfig instead.

Make sure you select the basic stuff that is needed (iptables, your processor type), then go into Security Options and to grsecurity, and select which level of security you want and any other options you may want.

*In a terminal make sure you are in /usr/src/linux with full root access.

We will build a ".deb" file that can be installed in our Ubuntu system, using make-kpkg.

*In a terminal type:

make-kpkg clean

make-kpkg --initrd --revision=ck2 kernel_image

If there were no errors, this will build the kernel and a ".deb" file will be created in /usr/src.
*To install it:

sudo dpkg -i kernel-image-2.6.17*.deb

Now reboot and if you did everything correctly it should boot back up and you will be using the new grsecurity kernel.
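
A pre-build check for the configuration step above, added here as an example and not part of the original walkthrough: it confirms that the copied .config actually has grsecurity switched on with a security level chosen, and that iptables was not dropped. The option names it looks for (CONFIG_GRKERNSEC, the CONFIG_GRKERNSEC_LOW/MEDIUM/HIGH/CUSTOM level choices, CONFIG_IP_NF_IPTABLES) are assumptions about the grsecurity 2.x and 2.6 kernel config symbols, and the script name check.sh is hypothetical.

```shell
#!/bin/sh
# Added example: sanity-check a kernel .config before running make-kpkg.
# Assumed option names: CONFIG_GRKERNSEC plus the grsecurity 2.x level
# choices CONFIG_GRKERNSEC_{LOW,MEDIUM,HIGH,CUSTOM}, and the mainline
# CONFIG_IP_NF_IPTABLES for iptables.

# is_set FILE OPTION: true when OPTION is built in (=y) or a module (=m).
is_set() {
    grep -Eq "^$2=(y|m)\$" "$1"
}

# grsec_level FILE: prints low|medium|high|custom, or "none" (status 1).
grsec_level() {
    for lvl in LOW MEDIUM HIGH CUSTOM; do
        if is_set "$1" "CONFIG_GRKERNSEC_$lvl"; then
            echo "$lvl" | tr 'A-Z' 'a-z'
            return 0
        fi
    done
    echo none
    return 1
}

# check_grsec_config FILE: prints findings; exit status = number of problems.
check_grsec_config() {
    cfg=$1
    problems=0
    [ -r "$cfg" ] || { echo "cannot read $cfg"; return 1; }
    if ! is_set "$cfg" CONFIG_GRKERNSEC; then
        echo "MISSING: CONFIG_GRKERNSEC (patch not applied or option off)"
        problems=$((problems + 1))
    elif ! level=$(grsec_level "$cfg"); then
        echo "MISSING: no grsecurity security level selected"
        problems=$((problems + 1))
    else
        echo "OK: grsecurity enabled, level=$level"
    fi
    if ! is_set "$cfg" CONFIG_IP_NF_IPTABLES; then
        echo "MISSING: CONFIG_IP_NF_IPTABLES (iptables)"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Usage from /usr/src/linux:  sh check.sh .config
if [ "$#" -gt 0 ]; then
    check_grsec_config "$1" || echo "fix the items above before make-kpkg"
fi
```

A missing CONFIG_GRKERNSEC after make xconfig usually means the patch step did not apply to the tree you are configuring, which is worth catching before the long build.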


hmm, sorry about the bbcode

hmm, sorry about the bbcode errors, you should still know what to copy

re: bbcode

I fixed it best I could using html.

You talk the talk, but do you waddle the waddle?


For whoever does this walkthrough: I copied the deb package making off my ck tutorial and left that in one place
make-kpkg --initrd --revision=ck2 kernel_image

When you do that you can make it whatever you want; even that would work, just remember that kernel is grsecurity.

Also, on installing on a server, use make menuconfig to make your config.

I was too worried about the bbcode and made a few typos, couldn't find a way to edit.
