Language Selection

English French German Italian Portuguese Spanish

HOWTO: Installing Grsecurity patched kernel in debian/ubuntu

Filed under
Howtos

Source: http://evolution-security.com

This is based on the same walkthrough I posted for grsecurity on red hat based kernels except this is for debian based kernels. The current stable debian kernel is vulnerable to about all of the new local exploits and if you are running the 2.4 kernel you are vulnerable to even more. Debian even had one of their servers hacked with the local root exploits, they only released a patched kernel for the testing branch to my knowledge.
The PDF version can be found HERE.
Ok so here goes.

If you have not done any compiling or built any kernels you must get the packages needed.

sudo apt-get install build-essential bin86 kernel-package

sudo apt-get install libqt3-headers libqt3-mt-dev (needed for make xconfig)

First get what is needed and patch the kernel.

cd /usr/src


wget http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.17.7.tar.bz2

wget http://grsecurity.org/grsecurity-2.1.9-2.6.17.7-200607261817.patch.gz

tar -xjvf linux-2.6.17.7.tar.bz2


gunzip < grsecurity-2.1.9-2.6.17.7-200607261817.patch.gz | patch -p0


mv linux-2.6.17.7 linux-2.6.17.7-grsec

ln -s linux-2.6.17.7-grsec linux

cd linux

copy your current config over

do uname -r to see what kernel your running and copy it, example:

cp /boot/config-2.6.15-26-686L .config

*Configure the kernel:

sudo make xconfig

if you are doing this on a server use makeconfig

make sure you select the basic stuff that is needed, iptables, your processor type, and then go in Security Options and to grsecurity, select which level of security you want and any other options you may want.

*In a terminal make sure you are in /usr/src/linux with full root access.

We will build a ".deb" file that can be installed in our Ubuntu system, using make-kpkg.

*In a terminal type:

make-kpkg clean

make-kpkg -initrd --revision=ck2 kernel_image

If there wasn't errors this will build the kernel and a ".deb" file will be created at /usr/src.
*To install it:

sudo dpkg -i kernel-image-2.6.17*.deb

Now reboot and if you did everything correctly it should boot back up and you will be using the new grsecurity kernel.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

hmm, sorry about the bbcode

hmm, sorry about the bbcode errors, you should still know what to copy

re: bbcode

I fixed it best I could using html.

----
You talk the talk, but do you waddle the waddle?

Note

for who ever does this walkthrough, I copied the deb package making off my ck tutorial and left that in one place
make-kpkg -initrd --revision=ck2 kernel_image

when you do that you can make it whatever you want, even that would work just remember that kernel is grsecurity.

Also on the installing on server, use make menuconfig to make your config

I was too worried about the bbcode and made a few typos, couldnt find a way to edit.

More in Tux Machines

Android Leftovers

Calibre 5.0 Ebook Manager Released with Text Highlighting Support, Dark Mode

Coming almost a year after the Calibre 4.0 series, Calibre 5.0 is here with some major changes. This include the ability to highlight text in the E-book viewer, which is one of the most requested feature for this powerful ebook manager. Users will be able to use colors when highlighting text in ebooks, as well as to use all sorts of text formatting and styles, including strikethrough and underline. In addition, you can even add notes to your highlights. All the highlights will be stored in the respective EPUB file, which makes them easy to share. In addition, you can browse all your highlights in the Calibre library using the Browse annotations tool. Read more

Android Leftovers

Compute module and dev kit aim Snapdragon 865 at AR/VR

Lantronix has launched 50 x 29mm “Open-Q 865XR SOM” and $995 dev kit that runs Android 10 on a 15-TOPS NPU equipped Snapdragon 865 with 6GB LPDDR5, 802.11ax, and triple MIPI-CSI interfaces. Intrinsyc, a subsidiary of Lantronix, has introduced an IoT-oriented compute module and development kit based on Qualcomm’s Snapdragon 865 (SXR2130P) SoC. The $445 Open-Q 865XR SOM and $995 Open-Q 865XR SOM Development Kit follow Intrinsyc’s more smartphone-oriented Snapdragon 865 Mobile HDK. The Open-Q 865XR targets imaging intensive embedded applications including Augmented Reality/Virtual Reality (AR/VR) applications in AI machine learning, medical, gaming, logistics and retail sectors. Read more