Installing a grsec-patched kernel on a CentOS 5 or RHEL 5 server

by Phil Dufault on June 26, 2008 · 1 comment


Here’s my little guide for upgrading a CentOS server to a grsec-patched kernel. At the time of this writing, this was the latest stable grsec patch available.

Fetch the sources:
wget http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.24.5.tar.bz2
wget http://grsec.linux-kernel.at/grsecurity-2.1.11-2.6.24.5-200804211829.patch.gz

Extract:
tar xjf linux-2.6.24.5.tar.bz2
gzip -d grsecurity-2.1.11-2.6.24.5-200804211829.patch.gz

Patch the kernel:
patch -p0 < grsecurity-2.1.11-2.6.24.5-200804211829.patch
cd linux-2.6.24.5 && make clean && make mrproper

Copy the previous kernel config to use:
cp /boot/config-`uname -r` .config

Edit your kernel:
make menuconfig

Here are a few of the things I disable (there’s a lot more I could do, but I find the more restrictive I am, the less well things work):
Networking > Amateur Radio support
Networking > IrDA (infrared) support
Networking > Bluetooth subsystem support
Networking > Wireless
Device Drivers > ISDN support
Device Drivers > Telephony support
Device Drivers > Multimedia devices
Device Drivers > Sound

Also, don’t forget to configure the Grsecurity option under Security Options.

Compile your kernel and install it:
make && make modules && make modules_install && make install

Make sure it’s working OK (this regenerates the module dependency list for the new kernel):
depmod 2.6.24.5-grsec

Edit /boot/grub/menu.lst with your text editor of choice, add in your kernel:
$EDITOR /boot/grub/menu.lst

Lastly, you reboot:
shutdown -r now
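
The steps above never confirm that the menuconfig choices actually landed in .config, so here is an added example (not the author's code) that audits a config file for the subsystems disabled above and for grsecurity being built in. Run it in the source tree before the make step; the Kconfig symbol names are assumptions mapped from the menu entries and may differ between kernel trees.

```shell
#!/bin/sh
# Added example, not from the original post. Symbol names below are assumed
# mappings of the guide's menu entries (radio, IrDA, Bluetooth, wireless,
# ISDN, telephony, multimedia, sound); adjust them for your kernel tree.
DISABLED="HAMRADIO IRDA BT CFG80211 MAC80211 IEEE80211 ISDN PHONE VIDEO_DEV DVB_CORE SOUND"
REQUIRED="GRKERNSEC"   # grsecurity master switch, must be =y

# audit_config FILE: print one line per finding; exit status = finding count.
audit_config() {
    cfg=$1
    findings=0
    [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; return 255; }
    for sym in $REQUIRED; do
        if ! grep -q "^CONFIG_$sym=y\$" "$cfg"; then
            echo "MISSING  CONFIG_$sym is not built in"
            findings=$((findings + 1))
        fi
    done
    for sym in $DISABLED; do
        # Built in (y) or module (m) both count as still enabled.
        if grep -Eq "^CONFIG_$sym=[ym]\$" "$cfg"; then
            echo "ENABLED  CONFIG_$sym is still on"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# Constructed sample .config fragment for a dry run (not from a real server).
sample_config() {
    cat <<'EOF'
CONFIG_GRKERNSEC=y
# CONFIG_HAMRADIO is not set
CONFIG_BT=m
CONFIG_SOUND=y
EOF
}

# Audit the file named on the command line, or else the constructed sample.
if [ -n "${1:-}" ]; then
    audit_config "$1"
else
    tmp=$(mktemp) && sample_config > "$tmp"
    audit_config "$tmp" || echo "findings: $?"
    rm -f "$tmp"
fi
```

Saved as a script (the file name is up to you) and given `.config` as its argument, it exits non-zero when anything is flagged, so it can gate the build with `&&`.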


darkfader October 4, 2009 at 3:03 pm

This one works GREAT!!
No errors, nothing, just copy paste and DONE!

Nice post

Thanks
