Results 1 to 10 of 14
-
20th May 2011, 06:58 AM #1OPMember
How to install GRSECUIRTY with vanilla kernel ( Centos 5 )
Hey Guys ,
Here is my Tut ,
What is Gr Security ?
Grsecurity is an innovative approach to security utilizing a multi-layered detection, prevention, and containment model. It is licensed under the GPL.
It offers among many other features:
* An intelligent and robust Role-Based Access Control (RBAC) system that can generate least privilege policies for your entire system with no configuration
* Change root (chroot) hardening
* /tmp race prevention
* Extensive auditing
* Prevention of entire classes of exploits related to address space bugs (from the PaX project)
* Additional randomness in the TCP/IP stack
* A restriction that allows a user to only view his/her processes
* Every security alert or audit contains the IP address of the person that caused the event
Here we go
1. Login to your server via ssh and yum update
2. Lets move to this directory :Code:cd /usr/src
Code:yum install gcc
4 . Download the Kernel :Code:wget http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.27.10.tar.gz
Code:tar zxvf linux-2.6.27.10.tar.gz
Code:ln -s linux-2.6.27.10 linux
Code:wget http://grsecurity.net/grsecurity-2.1.12-2.6.27.10-200812271347.patch.gz
8. Open the patch
Code:gzip -d grsecurity2.1.12-2.6.27.10-200812271347.patch.gz
Code:patch -p0 < grsecurity-2.1.12-2.6.27.10-200812271347.patch
Code:cd /boot
Code:ls
12. Move the config like this :Code:cp config-xxx.xxx-x /usr/src/linux/.config
Code:cd /usr/src/linux
Code:make menuconfig
And choose security level to your liking.
After you compile the kernel please enter thisCode:make bzImage; make modules; make modules_install; make install
Code:nano /boot/grub/menu.1st
Code:# grub.conf generated by anaconda # # Note that you do not have to rerun grub after making changes to this file # NOTICE: You have a /boot partition. This means that # all kernel and initrd paths are relative to /boot/, eg. # root (hd0,0) # kernel /vmlinuz-version ro root=/dev/VolGroup00/LogVol00 # initrd /initrd-version.img #boot=/dev/sda default=0 timeout=5 splashimage=(hd0,0)/grub/splash.xpm.gz hiddenmenu title CentOS (2.6.27.10-grsec) root (hd0,0) kernel /vmlinuz-2.6.27.10 ro root=/dev/VolGroup00/LogVol00 initrd /initrd-2.6.27.10.img title CentOS (2.6.18-92.el5) root (hd0,0) kernel /vmlinuz-2.6.18-92.el5 ro root=/dev/VolGroup00/LogVol00 initrd /initrd-2.6.18-92.el5.img
You can check by this command :
Code:uname -r
Dom Reviewed by Dom on . How to install GRSECUIRTY with vanilla kernel ( Centos 5 ) Hey Guys , Here is my Tut , What is Gr Security ? Grsecurity is an innovative approach to security utilizing a multi-layered detection, prevention, and containment model. It is licensed under the GPL. It offers among many other features: * An intelligent and robust Role-Based Access Control (RBAC) system that can generate least privilege policies for your entire system with no configuration Rating: 5
-
20th May 2011, 07:32 AM #2OH GOD!!!!!Website's:
HotNewHipHop.comThank you for this, Im sure it will be useful for a lot of people around here.
-
20th May 2011, 07:32 AM #3BannedWebsite's:
PakCyberArmy.Net HackAll.Net LinkDDL.Com HackersMedia.CoMGreat Share bro,looks very useful
Thanks ...
-
20th May 2011, 07:32 AM #4Member
Thanks for the tut Dom
It'll surely help many people out there
-
20th May 2011, 07:53 AM #5OPMember
Thanks Guys , I may post one for Debian / RedHat
-
20th May 2011, 10:31 PM #6
-
21st May 2011, 10:51 AM #7Member
Did you really write it? Why would anyone use 2 years old kernel and grsecurity at this time? You do realize there are already multiple exploits for those versions, right?
KnownSRV.com - Quality comes at a price, and we provide it at affordable prices.
PayPal, Skrill(MoneyBookers), Payza(AlertPay), 2CheckOut and LibertyReserve accepted!
-
21st May 2011, 10:59 AM #8OPMember
Yes I did write it , its the only kernel I could find that was easy to install for members here
-
21st May 2011, 11:08 AM #9Member
Ok, you are really confusing me now. What exactly is the difference besides different file names? It's a simple kernel installation with patching certain files. What could possibly be different?
How did you compile kernel/grsec without upgrading binutils? Are you sure your server is booted into new grsec kernel? You might want to consider re-checking uname once again, since it's NOT possible to finish the process without upgrading binutils.KnownSRV.com - Quality comes at a price, and we provide it at affordable prices.
PayPal, Skrill(MoneyBookers), Payza(AlertPay), 2CheckOut and LibertyReserve accepted!
-
21st May 2011, 11:12 AM #10OPMember
binutils Should be upgraded when the user did yum update
Sponsored Links
Thread Information
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)
Similar Threads
-
How to update CentOS kernel?
By Divvy in forum Technical and Security TutorialsReplies: 3Last Post: 14th Feb 2012, 10:05 PM -
who can i install mplayer in my vps centos
By jpeps in forum Tutorials and GuidesReplies: 4Last Post: 9th Jan 2012, 06:03 PM -
How to Install Nginx On Centos
By ifirstdoz in forum Technical Help Desk SupportReplies: 5Last Post: 19th Nov 2011, 04:16 PM -
how to install ftp on centos
By -={MINDFREAK}=- in forum Technical Help Desk SupportReplies: 3Last Post: 12th Jun 2011, 04:50 PM
themaCreator - create posts from...
Version 3.17 released. Open older version (or...