Welcome to AUXNET IRC Network




Idle on AUXnet a lot? Why not play our idlerpg game, you can check it out at #idleRPG - for more information visit the website http://idlerpg.auxnet.org

Install Grsecurity on CentOS 6

Attention: open in a new window. PDFPrintE-mail

Install Grsecurity on centos 6

================================================== ===================

Grsecurity is a set of patches for the Linux kernel with an emphasis on enhancing security. It utilizes a multi-layered detection, prevention, and containment model.

Features of Grsecurity :
* An intelligent and robust Role-Based Access Control (RBAC) system that can generate least privilege policies for your entire system with no configuration
* Change root (chroot) hardening
* /tmp race prevention
* Extensive auditing
* Prevention of arbitrary code execution, regardless of the technique used (stack smashing, heap corruption, etc)
* Prevention of arbitrary code execution in the kernel
* Randomization of the stack, library, and heap bases
* Kernel stack base randomization
* Protection against exploitable null-pointer dereference bugs in the kernel
* Reduction of the risk of sensitive information being leaked by arbitrary-read kernel bugs
* A restriction that allows a user to only view his/her processes
* Security alerts and audits that contain the IP address of the person causing the alert

================================================== ===================

The ideal way to install Grsecurity on 32 bit OS is :
Fetch the sources:


1. Download kernel from kernel.org
[[email protected] ~]# wget https://www.kernel.org/pub/linux/ker...-2.6.31.tar.gz

2. Downlaod latest Grsecurity patch from below URL :
[[email protected] ~]# wget http://grsecurity.net/stable/grsecur...08171247.patch

[All grsecurity packages have a version string in their names. It contains both the version of the release itself and the kernel version it is meant for. For example, the version string 2.9.1-2.6.32-201308052151 tells us that the version of this grsecurity release is 2.9.1 and it is meant for kernel version 2.6.32. The last section of the version is a timestamp.]

So here I am using earlier kernel version than 2.6.32,which is “linux-2.6.31”


3. Extract the kernel from tar.gz file:
[[email protected] ~]# tar xjf linux-2.6.31.tar.gz

4. Patch the kerne with grsecurity patch:
[[email protected] ~]# cd linux-2.6.31
[email protected] [linux-2.6.31]# patch -p1 < ../grsecurity-2.9.1-2.6.32.61-201308171247.patch
[email protected] [linux-2.6.31]# mv linux-2.6.31 linux-2.6.31-grsec

5. Now start making the kernel :
[email protected] [linux-2.6.31]# make clean && make mrproper

6. Edit your kernel as per your need :
[[email protected] ~]# make menuconfig

7. Compile your kernel and install it:
[email protected] [linux-2.6.31]# make bzImage
[email protected] [linux-2.6.31]# make modules
[email protected] [linux-2.6.31]# make modules_install

8. Make sure it’s working ok with the help of following command :
[email protected] [linux-2.6.31]# depmod 2.6.31-grsec

9. Installing and booting the new kernel :
[email protected] [linux-2.6.31]# cp arch/i386/boot/bzImage /boot/vmlinuz-2.6.31-grsec

10. There is also a file called “System.map” that must be copied to the same boot directory.
[email protected] [linux-2.6.31]# cp System.map /boot

11. Do not forget to make changes in /etc/grub.conf
also go to grub prompt after this and fire below command :

# grub > savedefault –-default=0 –-once

12. Now reboot server :
[email protected] [linux-2.6.31]# Shutdown -r now.


!!! Be Secured !!!