Securing and Optimizing Linux: RedHat Edition - A Hands on Guide
Chapter 7. Configuring and Building a Secure, Optimized Kernel
In our configuration and compilation we will build a monolithic kernel. Building a monolithic kernel means answering only Yes or No to the configuration questions, making nothing modular, and omitting the steps:
make modules
make modules_install
Remember to answer only Yes or No to the questions when configuring your new kernel if you intend to build a monolithic kernel. If you intend to use firewall masquerading functions or a dial-up PPP connection, you cannot build a monolithic kernel, since these functions require some modules to be built by default. Build a modularized kernel instead.
A new kernel is very specific to your computer hardware. In the kernel configuration part, we are using the following hardware for our example. Of course, you must change these settings to fit your own system components.
1 Pentium II 400 MHz (i686) processor
1 Motherboard SCSI
1 Hard Disk SCSI
1 SCSI Controller Adaptec AIC 7xxx
1 CD-ROM ATAPI IDE
1 Floppy Disk
2 Ethernet Cards Intel EtherExpressPro 10/100
1 Mouse PS/2
These installation instructions assume:
Commands are Unix-compatible.
The source path is /usr/src.
Installations were tested on Red Hat Linux 6.1 and 6.2.
All steps in the installation will happen in super-user account root.
Latest Kernel version number is 2.2.14
Latest Secure Linux Kernel Patches version number is 2_2_14-ow2
All of the packages mentioned below were available at the following sites as of this writing. For additional information regarding mirror sites, we suggest searching their respective home pages.
Kernel Homepage: http://www.kernelnotes.org/
Be sure to download: linux-2_2_14_tar.gz
Kernel FTP Site: 139.142.90.113
Secure Linux Kernel Patches Homepage: http://www.openwall.com/linux/
You must be sure to download: linux-2_2_14-ow2_tar.gz
Secure Linux Kernel Patches FTP Site: 195.42.162.180
The first pre-install step is to make an emergency boot floppy. Linux has a small utility named mkbootdisk that does this. Start by finding out which kernel version you are currently using: check your /etc/lilo.conf file to see which image was booted, and from this image derive the kernel version needed to make the emergency boot floppy.
[root@deep] /# cat /etc/lilo.conf
In my example, I have the following in the lilo.conf file:
boot=/dev/sda
map=/boot/map
install=/boot/boot.b
prompt
timeout=50
image=/boot/vmlinuz-2.2.12-20
    label=linux
    root=/dev/sda6
    initrd=/boot/initrd-2.2.12-20.img
    read-only
Now you'll need to find the image that you booted from. On a standard new install, it will be the one labeled linux. In the above example, the machine booted using the original kernel of the system, /boot/vmlinuz-2.2.12-20. Now simply put a formatted 1.44 floppy in the system and execute the following command as root:
[root@deep] /# mkbootdisk --device /dev/fd0 2.2.12-20
Insert a disk in /dev/fd0. Any information on the disk will be lost. Press <Enter> to continue or ^C to abort:
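The version lookup described above can be scripted so the string passed to mkbootdisk is taken from lilo.conf rather than read off by eye. This is an added example, not part of the original guide: the helper name lilo_kernel_version is hypothetical, it assumes kernel images are named vmlinuz-<version> as in the example, and it goes slightly beyond the text by honoring LILO's default= line (falling back to the first image when none is set).

```shell
#!/bin/sh
# Added example (not from the original guide); lilo_kernel_version is a hypothetical helper.
# lilo_kernel_version FILE [LABEL]
# Print the version suffix of the image= path in the stanza labelled LABEL.
# Without LABEL, follow LILO's rule: default= if set, else the first image.
lilo_kernel_version() {
    awk -v want="$2" '
        { sub(/#.*/, ""); gsub(/[ \t"]+/, "") }   # strip comments, blanks, quotes
        /^default=/    { def = substr($0, 9) }
        /^image=/      { n++; img[n] = substr($0, 7) }
        /^label=/ && n { lab[n] = substr($0, 7) }
        END {
            if (want == "") want = def
            pick = (want == "" && n > 0) ? 1 : 0
            for (i = 1; i <= n && !pick; i++)
                if (lab[i] == want) pick = i
            if (!pick) exit 1                      # no such stanza
            v = img[pick]
            if (!sub(/^.*\/vmlinuz-/, "", v) || v == "") exit 1   # unversioned image
            print v
        }' "$1"
}

# The lilo.conf shown on this page, written to a temporary file.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
boot=/dev/sda
map=/boot/map
install=/boot/boot.b
prompt
timeout=50
image=/boot/vmlinuz-2.2.12-20
    label=linux
    root=/dev/sda6
    initrd=/boot/initrd-2.2.12-20.img
    read-only
EOF

if ver=$(lilo_kernel_version "$sample" linux); then
    # Warn when the stanza is not the kernel that is actually running.
    [ "$ver" = "$(uname -r)" ] || echo "note: running kernel is $(uname -r)" >&2
    echo "mkbootdisk --device /dev/fd0 $ver"    # printed, not executed
else
    echo "could not derive a kernel version from $sample" >&2
fi
```

On a real system, pass /etc/lilo.conf instead of the sample file. A non-zero return means the stanza was not found or its image name carries no version, which is common once a hand-built kernel has been installed.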