Language Selection

English French German Italian Portuguese Spanish

Grsecurity Patched Kernel Install Script For Redhat based Pentium 4 servers

Filed under
Howtos

After a lil work getting the config right for s hosting/shell server I finally came up with the script that will patch, compile, and install the gresecurity patched kernel. You just run the shell script and it will download the kernel and patch, patch the kernel, download the config, and then compile and install.

The config I got made up is for Pentium4/Xeon/Celeron based servers. It includes all necessary option for an average pentium based server with single processor. The grsecurity level is set to low along with proc restrictions where users can see only their processes, I find the proc restrictions more of a convenience then actual security procedure because shell users do not have to go through all the processes to find theirs nor do they have to do ps -u so it is a pretty handy feature.

All xtables, iptables, and such are enabled. Lots of generic options are selected but nothing that is not needed by at least some machines.

I have ran this script successfully on a fedora and 2 centos servers and it done just fine. As far as stricter security options and pax goes a lot of them do not work well with your typical hosting server. The way it is now it is very secure and protected against local exploits while stoill being totaly functional and not over restrictive.

To get instructions on running this go here

http://www.evolution-security.com/modules.php?name=News&file=article&sid=298

Nobody should have any problems what so ever if you are running a pentium 4 based single cpu server with 512mb-2gb ram. Let me know if anyone has any problems or needs any help.

I figured quite a few people could find this handy, not just beginners but for busy admins who do not have the time to do all this and sit and watch it. It is nothing but a simple sh script, there is no shellcode or any other code involved.

More in Tux Machines

RaspArch Offers an Easy Way to Run Arch Linux on Raspberry Pi 2

Arne Exton had the pleasure of informing Softpedia about a new distribution of GNU/Linux created from the ground up for the Raspberry Pi 2 tiny computer board and called RaspArch. Read more

Leftovers: Software

  • goobook: Command-line contacts
  • Calibre eBook Editor Gets Much Better Support for DOCX
    Calibre, a complete application to edit, view, and convert eBook files, has been updated yet again, and the developer has added a number of new features and various other fixes.
  • GNOME Builder - 3.16.2
    I released 3.16.0 a couple weeks ago without much fanfare. Despite many months of 16-hour days and weekends, it lacked some of the features I wanted to get into the "initial" release. So I didn't stop. I kept pushing through to make 3.16.2 the best that I could.
  • PacketFence v5.0 released
    The Inverse team is pleased to announce the immediate availability of PacketFence 5.0.0. This is a major release with new features, enhancements and important bug fixes. This release is considered ready for production use and upgrading from previous versions is strongly advised.
  • What are good open-source log monitoring tools on Linux
    In an operating system, logs are all about keeping track of events, be it critical system errors, resource usage warnings, transaction history, application status, or user activities. These logs, which are stored as (text or binary) files in the system, are useful for system auditing, debugging and maintenance. However, with so many different system entities generating log files, and even at growing rate, the challenge as a system admin is to how to "consume" these log files effectively.
  • Apache Fortress Core 1.0-RC40 released !
  • Say Hello to Open Source Puppet 4!
    Production-ready Open Source Puppet 4 is now available! We’re excited to announce new features and enhancements that will extend your use of Puppet for faster, more consistent management of server configurations. We’ve added capabilities to help you save time, reduce errors, and increase reliability.
  • textprint: Visually impressive, in only 18K
    textprint takes a flat data file as input, and arranges it graphically to fit the terminal without distorting the image. From there, textprint goes from zero-to-60, in about two seconds.

today's howtos