Language Selection

English French German Italian Portuguese Spanish

Grsecurity Patched Kernel Install Script For Redhat based Pentium 4 servers

Filed under
Howtos

After a lil work getting the config right for s hosting/shell server I finally came up with the script that will patch, compile, and install the gresecurity patched kernel. You just run the shell script and it will download the kernel and patch, patch the kernel, download the config, and then compile and install.

The config I got made up is for Pentium4/Xeon/Celeron based servers. It includes all necessary option for an average pentium based server with single processor. The grsecurity level is set to low along with proc restrictions where users can see only their processes, I find the proc restrictions more of a convenience then actual security procedure because shell users do not have to go through all the processes to find theirs nor do they have to do ps -u so it is a pretty handy feature.

All xtables, iptables, and such are enabled. Lots of generic options are selected but nothing that is not needed by at least some machines.

I have ran this script successfully on a fedora and 2 centos servers and it done just fine. As far as stricter security options and pax goes a lot of them do not work well with your typical hosting server. The way it is now it is very secure and protected against local exploits while stoill being totaly functional and not over restrictive.

To get instructions on running this go here

http://www.evolution-security.com/modules.php?name=News&file=article&sid=298

Nobody should have any problems what so ever if you are running a pentium 4 based single cpu server with 512mb-2gb ram. Let me know if anyone has any problems or needs any help.

I figured quite a few people could find this handy, not just beginners but for busy admins who do not have the time to do all this and sit and watch it. It is nothing but a simple sh script, there is no shellcode or any other code involved.

More in Tux Machines

today's howtos

Leftovers: Gaming

Debian Leftovers

  • Plex Home Theater 1.4.1 for Debian Jessie and Sid
    Recently Plex Plex Home Theater was updated to 1.4.1 with fixes for some errors, in particular concerning the new music handling introduced in 1.4.0. As with 1.4.0, I have compiled PHT for both jessie and sid, both for amd64 and i386.
  • Debian/TeX Live 2015 preparations
    I have uploaded a preliminary version of the texlive-bin based on the 2015 sources (plus the first fixes) to the Debian archive, targeting experimental. As there are four new packages built from the sources (libtexlua52, -dev, libtexluajit2, -dev) the packages have to go through the NEW queue, which at the moment is an impressive 500+ entries long (nearly top in total history). But ftp-masters are currently very active and I hope they continue for some time.
  • Reproducible builds: week 4 in Stretch cycle
    Lunar rebased our custom dpkg on the new release, removing a now undeed patch identified by Guillem Jover. An extra sort in the buildinfo generator prevented a stable order and was quickly fixed once identified.

Android Leftovers

  • Google Makes Chrome For Android Open Source
    Google has announced that Chrome for Android is now open source, the news was announced by Android software engineer Aurimas Liuyikas on Reddit.
  • Screenshots of Google’s new Photos app for Android leak
    We’ve heard rumors since at least August 2014 that Google+’s image functions may be spun out into a standalone photo service. In March, Sundar Pichai, senior vice president for products at Google, said the company is going to put a renewed focus on photos. “Photos are a big use case,” Pichai said. “So we are going to say this is the stream now.”
  • Android's stand-alone Photos app will give you more creative control
    Android Police has peeked at a leaked copy of a reworked Photos app, and it's clear that Google is using the service split as an incentive to shake things up. The highlight may be Assistant (below), an effective substitute for Auto Awesome that gives you more creative power -- you can produce more content yourself (such as Stories) instead of waiting for it to show up.
  • Android Factory Resets Are Flawed, Allow User Data to Be Recovered: Study
  • Factory data reset for Android leaves encrypted data and login keys intact
    Researchers at Cambridge University discovered they were able to recover data on a vast array of Android powered devices that had undergone the factory data reset process.
  • Android 5.1 Lollipop Update Coming To The NVIDIA Shield Tablet
    The update would improve performance and stability, and bring a Shield controller update that makes pairing easier. Among many other features, the LTE model includes improvement in camera, audio, and performance of the modem.
  • Android 5.1.1 Lollipop For Samsung Galaxy S4 Mini GT-I9190: How To Install It Using CM12.1 Nightly Custom ROM
    Users of the Samsung Galaxy S4 Mini with the model number GT-I9190 can have the latest Lollipop experience on their smartphones with the help of a new custom ROM. The new CyanogenMod 12.1 (CM12.1) Nightly custom ROM is based on stock Android user interface with additional features and options.
  • Android Payments Could Be Key Item News From Google I/O: Merrill Lynch
    In the research report published on Friday, Merrill Lynch analysts gave their input on 2015 Google I/O developer conference that will take place on May 28- 29 in San Francisco, California. Since competition in the payments industry is on the horizon, the research firm expects Google Inc (NASDAQ:GOOG) to launch an upgraded payment platform for the Android users.
  • Android M: This is Google’s new Photos app
    Google is expected to announce a bunch of new software initiatives later this week, one of them being Android M. Some leaks have already provided early information on what the upcoming operating system will have to offer, and a new report sheds light on what could be one of the most important new apps for Android M (and other Android versions) that Google is expected to announce at I/O 2015.
  • Best new Android widgets (May 2015) #2
    If you're a dedicated Android fan and not making full use of widgets, then you're totally not using the full potential of Google's platform. See, if we take away widgets out of the feature bag, we are easily stripping it from one of its defining features.
  • Boffins silently track train commuters without tripping Android checks
    Nanjing University boffins Jingyu Hua, Zhenyu Shen, and Sheng Zhong have tracked commuter train trips with 92 percent accuracy using stolen phone accelerometer data.
  • ZTE unveils Q519T smartphone in China: 4000mAh battery, Android 5.0 Lollipop
    Chinese smartphone maker ZTE has unveiled the successor to the Q509T, dubbed Q519T, a new affordable smartphone which is priced at 599 Yuan (approximately Rs 6,100) in China. There is no information provided as to when the device will be available in India.
  • Android M and Nexus updates: The good, the bad and the ugly
    Android M is expected to be unveiled later this week at Google I/O, and it will bring several new features to Google’s mobile platform according to various reports, including a brand new device update guarantee for Nexus devices.
  • 10 Best Android Apps & Games This Week
    A week has passed, which means we’re back with our usual roundup with some of the best new Android apps and games that have made their way into the Play Store. This time we’ve got a good collection of games, so if you were looking to add some new ones on your Android smartphone or tablet, now is the right time to do it. Also, do check out our previous roundup, as well as this week’s sister list with the newest and greatest iOS apps, as well.
  • Asus ZenFone 5 Android 5.0 Lollipop Update to Release in 'Next 3-4 Months'
    The Android 5.0 Lollipop update for Asus ZenFone 5 has been delayed by 3-4 months, reveals the Taiwanese company.