7.1. Pre-Install

In our configuration and compilation we will build a monolithic kernel. Monolithic kernel means to only answer Yes or No to the questions, don't make anything modular and omit the steps:

Also, we will patch our new kernel with the buffer overflow protection from kernel patches. Patches for the Linux kernel exist, like Solar Designer's non-executable stack patch, which disallows the execution of code on the stack, making a number of buffer overflow attacks harder - and defeating completely a number of current exploits used by "script kiddies" worldwide.

Important: Remember to only answer Yes or No to the questions when configuring your new kernel if you're intending to build a monolithic kernel. If you intend to use firewall masquerading functions or a dial-up ppp connection, you cannot build a monolithic kernel, since these function require the build of some modules, by default. Build, instead, a modularized kernel.

A new kernel is very specific to your computer hardware, in the kernel configuration part; we are using the following hardware for our example. Of course you must change them to fit your system components.

1 Pentium II 400 MHz (i686) processor
1 Motherboard SCSI
1 Hard Disk SCSI
1 SCSI Controler Adaptec AIC 7xxx
1 CD-ROM ATAPI IDE
1 Floppy Disk
2 Ethernet Cards Intel EtherExpressPro 10/100
1 Mouse PS/2

These installation instructions assume

Commands are Unix-compatible.
The source path is /usr/src.
Installations were tested on Red Hat Linux 6.1 and 6.2.
All steps in the installation will happen in super-user account root.
Latest Kernel version number is 2.2.14
Latest Secure Linux Kernel Patches version number is 2_2_14-ow2

All these below mentioned Packages were available in the following sites as of this writing but we suggest you can get additional information regarding mirror sites by searching on their respective home pages.

7.1.1. Make an emergency boot floppy

The first of the pre-install step is to make an emergency boot floppy. Linux has a small utility named mkbootdisk to simply do this. The first step is to find out what kernel version, you are currently using. Check out your /etc/lilo.conf file and see which image was booted from and from this image, we can find the kernel version we need to make our emergency boot floppy.


                 [root@deep] /#cat /etc/lilo.conf
                 

In my example, I have the following in the lilo.conf file:

                       
                 boot=/dev/sda
                 map=/boot/map
                 install=/boot/boot.b
                 prompt
                 timeout=50
                 image=/boot/vmlinuz-2.2.12-20    (1)        
                 label=linux                      (2)        
                 root=/dev/sda6
                 initrd=/boot/initrd-2.2.12-20.img
                 read-only
                 
(1)
the kernel version
(2)
the image we booted from

Now you'll need to find the image that you booted from. On a standard new first install, it will be the one-labeled linux. In the above example we show that the machine booted using the /boot/vmlinuz-2.2.12-20 original kernel version of the system. Now we simply need to put a formatted 1.44 floppy in our system and execute the following command as root:


                 [root@deep] /#mkbootdisk --device /dev/fd0 2.2.12-20
                 


                    Insert a disk in /dev/fd0. Any information on the disk will be lost. Press <Enter> to continue or ^C to abort:
                 

Following these guidelines, you will now have a boot floppy with a known working kernel in case of problems with the upgrade. I recommend rebooting the system with the floppy to make sure that the floppy works correctly.