Install Grsecurity on CentOS 6
Last Updated on Sunday, 22 March 2015 04:59 Written by BiRU Sunday, 22 March 2015 04:53
Install Grsecurity on centos 6
================================================== ===================
Grsecurity is a set of patches for the Linux kernel with an emphasis on enhancing security. It utilizes a multi-layered detection, prevention, and containment model.
Features of Grsecurity :
* An intelligent and robust Role-Based Access Control (RBAC) system that can generate least privilege policies for your entire system with no configuration
* Change root (chroot) hardening
* /tmp race prevention
* Extensive auditing
* Prevention of arbitrary code execution, regardless of the technique used (stack smashing, heap corruption, etc)
* Prevention of arbitrary code execution in the kernel
* Randomization of the stack, library, and heap bases
* Kernel stack base randomization
* Protection against exploitable null-pointer dereference bugs in the kernel
* Reduction of the risk of sensitive information being leaked by arbitrary-read kernel bugs
* A restriction that allows a user to only view his/her processes
* Security alerts and audits that contain the IP address of the person causing the alert
================================================== ===================
The ideal way to install Grsecurity on 32 bit OS is :
Fetch the sources:
1. Download kernel from kernel.org
[root@server4 ~]# wget https://www.kernel.org/pub/linux/ker...-2.6.31.tar.gz
2. Downlaod latest Grsecurity patch from below URL :
[root@server4 ~]# wget http://grsecurity.net/stable/grsecur...08171247.patch
[All grsecurity packages have a version string in their names. It contains both the version of the release itself and the kernel version it is meant for. For example, the version string 2.9.1-2.6.32-201308052151 tells us that the version of this grsecurity release is 2.9.1 and it is meant for kernel version 2.6.32. The last section of the version is a timestamp.]
So here I am using earlier kernel version than 2.6.32,which is “linux-2.6.31”
3. Extract the kernel from tar.gz file:
[root@server4 ~]# tar xjf linux-2.6.31.tar.gz
4. Patch the kerne with grsecurity patch:
[root@server4 ~]# cd linux-2.6.31
root@server4 [linux-2.6.31]# patch -p1 < ../grsecurity-2.9.1-2.6.32.61-201308171247.patch
root@server4 [linux-2.6.31]# mv linux-2.6.31 linux-2.6.31-grsec
5. Now start making the kernel :
root@server4 [linux-2.6.31]# make clean && make mrproper
6. Edit your kernel as per your need :
[root@server4 ~]# make menuconfig
7. Compile your kernel and install it:
root@server4 [linux-2.6.31]# make bzImage
root@server4 [linux-2.6.31]# make modules
root@server4 [linux-2.6.31]# make modules_install
8. Make sure it’s working ok with the help of following command :
root@server4 [linux-2.6.31]# depmod 2.6.31-grsec
9. Installing and booting the new kernel :
root@server4 [linux-2.6.31]# cp arch/i386/boot/bzImage /boot/vmlinuz-2.6.31-grsec
10. There is also a file called “System.map” that must be copied to the same boot directory.
root@server4 [linux-2.6.31]# cp System.map /boot
11. Do not forget to make changes in /etc/grub.conf
also go to grub prompt after this and fire below command :
# grub > savedefault –-default=0 –-once
12. Now reboot server :
root@server4 [linux-2.6.31]# Shutdown -r now.
!!! Be Secured !!! 
