Written by sdx Thursday, 04 April 2013 09:31
What is Gr Security ?cd /usr/src
3. Now we are going download and install gcc :
yum install gcc
This should install kernel-headers , gcc++ etc.
4 . Download the Kernel :
wget http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.27.10.tar.gz
5. Lets open this bad boy up :
tar zxvf linux-2.6.27.10.tar.gz
6. Also we need to create a symlink :
ln -s linux-2.6.27.10 linux
7. Now grab the patch :
wget http://grsecurity.net/grsecurity-2.1.12-2.6.27.10-200812271347.patch.gz
Also install patch module : " yum install patch "
8. Open the patch
gzip -d grsecurity-2.1.12-2.6.27.10-200812271347.patch.gz
9. The good bit now lets patch the kernel :
patch -p0 < grsecurity-2.1.12-2.6.27.10-200812271347.patch
10. Move to the boot :
cd /boot
11. look at the dirc by entering this :
ls
You should see config-xxxx
12. Move the config like this :
cp config-xxx.xxx-x /usr/src/linux/.config
13. Move back to linux folder :
cd /usr/src/linux
and compile
make menuconfig
And choose security level to your liking.
After you compile the kernel please enter this
make bzImage; make modules; make modules_install; make install
Now do this :
nano /boot/grub/menu.1st
Should look like this :
# grub.conf generated by anaconda # # Note that you do not have to rerun grub after making changes to this file # NOTICE: You have a /boot partition. This means that # all kernel and initrd paths are relative to /boot/, eg. # root (hd0,0) # kernel /vmlinuz-version ro root=/dev/VolGroup00/LogVol00 # initrd /initrd-version.img #boot=/dev/sda default=0 timeout=5 splashimage=(hd0,0)/grub/splash.xpm.gz hiddenmenu title CentOS (2.6.27.10-grsec) root (hd0,0) kernel /vmlinuz-2.6.27.10 ro root=/dev/VolGroup00/LogVol00 initrd /initrd-2.6.27.10.img title CentOS (2.6.18-92.el5) root (hd0,0) kernel /vmlinuz-2.6.18-92.el5 ro root=/dev/VolGroup00/LogVol00 initrd /initrd-2.6.18-92.el5.img
Your going to have default=1 , you need to change it to default=0. Then reboot , now you have a harden kernel
You can check by this command :
uname -r