Language Selection

English French German Italian Portuguese Spanish

Grsecurity Patched Kernel Install Script For Redhat based Pentium 4 servers

Filed under
Howtos

After a lil work getting the config right for s hosting/shell server I finally came up with the script that will patch, compile, and install the gresecurity patched kernel. You just run the shell script and it will download the kernel and patch, patch the kernel, download the config, and then compile and install.

The config I got made up is for Pentium4/Xeon/Celeron based servers. It includes all necessary option for an average pentium based server with single processor. The grsecurity level is set to low along with proc restrictions where users can see only their processes, I find the proc restrictions more of a convenience then actual security procedure because shell users do not have to go through all the processes to find theirs nor do they have to do ps -u so it is a pretty handy feature.

All xtables, iptables, and such are enabled. Lots of generic options are selected but nothing that is not needed by at least some machines.

I have ran this script successfully on a fedora and 2 centos servers and it done just fine. As far as stricter security options and pax goes a lot of them do not work well with your typical hosting server. The way it is now it is very secure and protected against local exploits while stoill being totaly functional and not over restrictive.

To get instructions on running this go here

http://www.evolution-security.com/modules.php?name=News&file=article&sid=298

Nobody should have any problems what so ever if you are running a pentium 4 based single cpu server with 512mb-2gb ram. Let me know if anyone has any problems or needs any help.

I figured quite a few people could find this handy, not just beginners but for busy admins who do not have the time to do all this and sit and watch it. It is nothing but a simple sh script, there is no shellcode or any other code involved.

More in Tux Machines

FEDORA WORKSTATION NEXT STEPS : INTRODUCING PINOS

So what is Pinos? One of the original goals of Pinos was to provide the same level of advanced hardware handling for Video that PulseAudio provides for Audio. For those of you who has been around for a while you might remember how you once upon a time could only have one application using the sound card at the same time until PulseAudio properly fixed that. Well Pinos will allow you to share your video camera between multiple applications and also provide an easy to use API to do so. Read more

Razer’s open source virtual reality project now supports Android devices

Razer’s open source virtual reality project will support Android, which opens up the future of this mind-altering world to multiple devices. Read more

Linux Mint 17.2 "Rafaela" Officially Out with Cinnamon 2.6 - Screenshot Tour

Linux Mint 17.2 "Rafaela" Cinnamon has been officially announced by Clement Lefebvre, the leader of the project, and it brings numerous upgrades for the desktop environment and the underlying operating system. Read more

Winter is coming: GPS and Linux leap second Armageddon predicted

Linux computers are particularly prone to this, and last time several high-profile websites running databases such as Hadoop, including Linkedin, Reddit, and Yelp, were temporarily borked. GPS trackers don't play nicely either and, given that their accuracy depends on the timings between receiver and satellite, it can make them inaccurate until the problem is addressed. Read more