Language Selection

English French German Italian Portuguese Spanish

Grsecurity Patched Kernel Install Script For Redhat based Pentium 4 servers

Filed under
Howtos

After a lil work getting the config right for s hosting/shell server I finally came up with the script that will patch, compile, and install the gresecurity patched kernel. You just run the shell script and it will download the kernel and patch, patch the kernel, download the config, and then compile and install.

The config I got made up is for Pentium4/Xeon/Celeron based servers. It includes all necessary option for an average pentium based server with single processor. The grsecurity level is set to low along with proc restrictions where users can see only their processes, I find the proc restrictions more of a convenience then actual security procedure because shell users do not have to go through all the processes to find theirs nor do they have to do ps -u so it is a pretty handy feature.

All xtables, iptables, and such are enabled. Lots of generic options are selected but nothing that is not needed by at least some machines.

I have ran this script successfully on a fedora and 2 centos servers and it done just fine. As far as stricter security options and pax goes a lot of them do not work well with your typical hosting server. The way it is now it is very secure and protected against local exploits while stoill being totaly functional and not over restrictive.

To get instructions on running this go here

http://www.evolution-security.com/modules.php?name=News&file=article&sid=298

Nobody should have any problems what so ever if you are running a pentium 4 based single cpu server with 512mb-2gb ram. Let me know if anyone has any problems or needs any help.

I figured quite a few people could find this handy, not just beginners but for busy admins who do not have the time to do all this and sit and watch it. It is nothing but a simple sh script, there is no shellcode or any other code involved.

More in Tux Machines

today's leftovers

  • Linux Kernel Podcast for 2017/03/21
  • Announcing the Shim review process [Ed: accepting rather than fighting very malicious things]
    However, a legitimate criticism has been that there's very little transparency in Microsoft's signing process. Some people have waited for significant periods of time before being receiving a response. A large part of this is simply that demand has been greater than expected, and Microsoft aren't in the best position to review code that they didn't write in the first place.
  • rtop – A Nifty Tool to Monitor Remote Server Over SSH
    rtop is a simple, agent-less, remote server monitoring tool that works over SSH. It doesn’t required any other software to be installed on remote machine, except openSSH server package & remote server credentials.
  • Chakra GNU/Linux Users Get KDE Plasma 5.9.3 and KDE Applications 16.12.3, More
    Neofytos Kolokotronis from the Chakra GNU/Linux project, an open-source operating system originally based on Arch Linux and the KDE Plasma desktop environment, announced the availability of the latest KDE updates in the distro's repositories. Those of you using Chakra GNU/Linux as your daily drive will be happy to learn that the stable repos were filled with numerous up-to-date packages from the recently released KDE Plasma 5.9.3 desktop environment, KDE Applications 16.12.3 software suite, and KDE Frameworks 5.32.0 collection of over 70 add-on libraries for Qt 5.
  • YaST Team: Highlights of YaST development sprint 32
    One of the known limitations of the current installer is that it’s only able to automatically propose an encrypted schema if LVM is used. For historical reasons, if you want to encrypt your root and/or home partitions but not to use LVM, you would need to use the expert partitioner… and hope for the best from the bootloader proposal. But the new storage stack is here (well, almost here) to make all the old limitations vanish. With our testing ISO it’s already possible to set encryption with just one click for both partition-based and LVM-based proposals. The best possible partition schema is correctly created and everything is encrypted as the user would expect. We even have continuous tests in our internal openQA instance for it. The part of the installer managing the bootloader installation is still not adapted, which means the resulting system would need some manual fixing of Grub before being able to boot… but that’s something for an upcoming sprint (likely the very next one).
  • Debian stretch on the Raspberry Pi 3 (update) (2017-03-22)
    I previously wrote about my Debian stretch preview image for the Raspberry Pi 3.
  • Asus Tinker Board – Chromium YouTube Performance
    One of the many strengths of the Asus Tinker Board is its multimedia support. This 4K video capable machine is a mouthwatering prospect for the multimedia enthusiast. The machine has a respectable 1.8GHz ARM Cortex-A17 quad-core processor. It’s only 32-bit (unlike the Raspberry Pi 3) but has a higher clock speed. The Tinker Board also sports an integrated ARM-based Mali T764 graphics processor (GPU).

Microsoft vs GNU/Linux

Netflix and GNU/Linux

today's howtos