Grsecurity Patched Kernel Install Script for Red Hat-Based Pentium 4 Servers


After a lil work getting the config right for a hosting/shell server, I finally came up with the script that will patch, compile, and install the grsecurity patched kernel. You just run the shell script and it will download the kernel and patch, patch the kernel, download the config, and then compile and install.

The config I got made up is for Pentium 4/Xeon/Celeron based servers. It includes all necessary options for an average Pentium based server with a single processor. The grsecurity level is set to low along with proc restrictions where users can see only their processes. I find the proc restrictions more of a convenience than an actual security procedure, because shell users do not have to go through all the processes to find theirs, nor do they have to do ps -u, so it is a pretty handy feature.

All xtables, iptables, and such are enabled. Lots of generic options are selected but nothing that is not needed by at least some machines.
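An added example, not the author's script or config: a POSIX shell check to run against a downloaded kernel .config before building, confirming it matches the settings described above. The Kconfig symbol names are assumptions about how that description maps onto the config file and may differ between grsecurity patch versions; the sample config is constructed.

```shell
#!/bin/sh
# Audit a kernel .config against the settings the post describes.
# Symbol names below are assumptions, not taken from the author's config.

# kconfig_value FILE SYMBOL: print the symbol's value, or "n" if unset/absent.
kconfig_value() {
    val=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
    printf '%s\n' "${val:-n}"
}

# audit_kconfig FILE: print each mismatch; return the number of mismatches.
audit_kconfig() {
    fails=0
    while read -r sym want; do
        [ -n "$sym" ] || continue
        got=$(kconfig_value "$1" "$sym")
        if [ "$got" != "$want" ]; then
            echo "MISMATCH $sym: expected $want, found $got"
            fails=$((fails + 1))
        fi
    done <<EOF
CONFIG_MPENTIUM4 y
CONFIG_SMP n
CONFIG_GRKERNSEC y
CONFIG_GRKERNSEC_LOW y
CONFIG_GRKERNSEC_PROC_USER y
EOF
    return "$fails"
}

# Constructed sample standing in for the downloaded config.
write_sample_config() {
    cat > "$1" <<'EOF'
CONFIG_MPENTIUM4=y
# CONFIG_SMP is not set
CONFIG_GRKERNSEC=y
CONFIG_GRKERNSEC_LOW=y
CONFIG_GRKERNSEC_PROC_USER=y
CONFIG_NETFILTER_XTABLES=y
EOF
}

tmp=$(mktemp)
write_sample_config "$tmp"
audit_kconfig "$tmp" && echo "config matches the described settings"
rm -f "$tmp"
```

The function's exit status is the number of mismatches, so a non-zero status can stop a wrapper script before the compile step.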

I have run this script successfully on a Fedora and 2 CentOS servers and it did just fine. As far as stricter security options and PaX go, a lot of them do not work well with your typical hosting server. The way it is now, it is very secure and protected against local exploits while still being totally functional and not over-restrictive.

To get instructions on running this, go here:

http://www.evolution-security.com/modules.php?name=News&file=article&sid=298

Nobody should have any problems whatsoever if you are running a Pentium 4 based single CPU server with 512 MB-2 GB RAM. Let me know if anyone has any problems or needs any help.

I figured quite a few people could find this handy, not just beginners but also busy admins who do not have the time to do all this and sit and watch it. It is nothing but a simple sh script; there is no shellcode or any other code involved.
