HOWTO: Installing Grsecurity patched kernel in debian/ubuntu

Source: http://evolution-security.com

This is based on the same walkthrough I posted for grsecurity on Red Hat based kernels, except this one is for Debian based kernels. The current stable Debian kernel is vulnerable to about all of the new local exploits, and if you are running the 2.4 kernel you are vulnerable to even more. Debian even had one of their servers hacked with the local root exploits; to my knowledge they only released a patched kernel for the testing branch.
The PDF version can be found HERE.
OK, so here goes.

If you have not done any compiling or built any kernels before, you must first get the packages needed.

sudo apt-get install build-essential bin86 kernel-package

sudo apt-get install libqt3-headers libqt3-mt-dev (needed for make xconfig)

First get what is needed and patch the kernel.

cd /usr/src


wget http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.17.7.tar.bz2

wget http://grsecurity.org/grsecurity-2.1.9-2.6.17.7-200607261817.patch.gz

tar -xjvf linux-2.6.17.7.tar.bz2


gunzip < grsecurity-2.1.9-2.6.17.7-200607261817.patch.gz | patch -p0


mv linux-2.6.17.7 linux-2.6.17.7-grsec

ln -s linux-2.6.17.7-grsec linux

cd linux

Copy your current config over.

Run uname -r to see which kernel you're running and copy its config, for example:

cp /boot/config-2.6.15-26-686 .config

*Configure the kernel:

sudo make xconfig

If you are doing this on a server, use make menuconfig instead.

Make sure you select the basic stuff that is needed (iptables, your processor type), then go into Security Options and on to grsecurity, and select which level of security you want and any other options you may want.

*In a terminal make sure you are in /usr/src/linux with full root access.

We will build a ".deb" file that can be installed in our Ubuntu system, using make-kpkg.

*In a terminal type:

make-kpkg clean

make-kpkg --initrd --revision=ck2 kernel_image

If there were no errors, this will build the kernel and a ".deb" file will be created in /usr/src.

*To install it:

sudo dpkg -i /usr/src/kernel-image-2.6.17*.deb

Now reboot and if you did everything correctly it should boot back up and you will be using the new grsecurity kernel.
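
A check worth running between the configuration step and make-kpkg, given here as an added example that is not part of the original walkthrough: it reads a kernel .config and reports whether grsecurity was actually selected and at which level, since a copied distro config leaves it off by default. The symbols CONFIG_GRKERNSEC and CONFIG_GRKERNSEC_LOW/MEDIUM/HIGH/CUSTOM are assumed from the grsecurity 2.1.x options; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: confirm a kernel .config has grsecurity enabled before
# building. Option names are assumed from grsecurity 2.1.x.

# Print the value of one CONFIG_ symbol ("y", "m", a string) or "unset".
config_value() {
    # $1 = config file, $2 = symbol name without the CONFIG_ prefix
    val=$(sed -n "s/^CONFIG_$2=//p" "$1" | tail -n 1)
    echo "${val:-unset}"
}

# Print the selected grsecurity level.
# Returns 0 if grsecurity is on, 1 if it is off, 2 if the file is unreadable.
grsec_level() {
    cfg=$1
    [ -r "$cfg" ] || { echo "unreadable"; return 2; }
    if [ "$(config_value "$cfg" GRKERNSEC)" != "y" ]; then
        echo "disabled"
        return 1
    fi
    for lvl in LOW MEDIUM HIGH CUSTOM; do
        if [ "$(config_value "$cfg" "GRKERNSEC_$lvl")" = "y" ]; then
            echo "$lvl" | tr 'A-Z' 'a-z'
            return 0
        fi
    done
    echo "unknown"
    return 0
}

# Constructed sample: a distro config right after the patch is applied and
# the old config copied in, before anything is selected under grsecurity.
sample_cfg=$(mktemp)
cat > "$sample_cfg" <<'EOF'
CONFIG_X86=y
CONFIG_NETFILTER=y
# CONFIG_GRKERNSEC is not set
EOF

echo "sample config: $(grsec_level "$sample_cfg")"
rm -f "$sample_cfg"

# Real use, from /usr/src/linux after configuring:
#   grsec_level .config || echo "grsecurity not selected, do not build yet"
```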

hmm, sorry about the bbcode

hmm, sorry about the bbcode errors, you should still know what to copy

re: bbcode

I fixed it best I could using html.

----
You talk the talk, but do you waddle the waddle?

Note

For whoever does this walkthrough: I copied the deb package making off my ck tutorial and left that in one place
make-kpkg -initrd --revision=ck2 kernel_image

When you do that you can make it whatever you want; even that would work, just remember that kernel is grsecurity.

Also, when installing on a server, use make menuconfig to make your config.

I was too worried about the bbcode and made a few typos, couldn't find a way to edit.
