Tutorial/HOW-TO: Kernel 2.6 Compilation with Grsecurity (grsec) - 2.6.5, 2.6.7, 2.6.8, 2.8.1, 2.6.9, 2.6.10, 2.6.11.6

The following tutorial provide a basic tutorial on installing grsecurity on a linux 2.6 kernel, it is up to date as of kernel 2.6.10.

Download the kernel source (obtain the latest kernel from kernel.org):

cd /usr/src/
wget http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.10.tar.bz2
bzip2 -d linux-2.6.10.tar.bz2
tar xf linux-2.6.10.tar

Download the grsec patch (download the latest patch from grsecurity.org/download.php):

cd /usr/src/
wget http://grsecurity.org/grsecurity-2.1.0-2.6.10-200501081640.patch

Patch the kernel with the grsecurity patch:

patch -p0 < grsecurity-2.1.0-2.6.10-200501081640.patch

Before doing your configuration you may want to check which hardware you are using:

lspci

For a specific hardware component:

lspci -s 00:00.0 -vv
lspci -s 00:1f.0 -vv

Start cofiguring/compile the kernel:

cd /usr/src/linux-2.6.10
make clean
make mrproper

If you are using an old .config file, then copy it to /usr/scr/linux-2.6.10 and do the following:

make oldconfig

If this is a new configuration or you are unsure what to do, then do the following:

make menuconfig

Once you have configured all your kernel options, be sure to continue on to the grsec menu and chose the security level you wish to use, as well as any specific security options. If are running a server you may want to disable the following options from the kernel:

* Telephony Support
* Fusion MPT device support
* IEEE 1394 (FireWire) support (EXPERIMENTAL)
* Amateur Radio support
* IrDA (infrared) support
* ISDN subsystem --- only if you are not using ISDN
* Multimedia devices
* Sound
* USB support
* Old CD-ROM drivers (not SCSI, not IDE) --- only if uneeded
* Bluetooth support
* Library routines

Exit and save the configuration, and proceed to build the kernel and modules:

make

Now you need to install the modules in /lib/modules/KERNELVERSION by doing the following:

make modules_install

Lastly you need to install the kernel:

make install

After you have installed the kernel you need to ensure you bootloader is configured correctly for the new kernel, and then reboot the machine.

There are plenty more options when installing the kernel, but with the make install command it does these all for you in one go.

 

 

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
©2006 dzine it ® better designs and hosting create better business zooom ® All rights reserved