how to install grsecurity The following instructions will lead you through the process of downloading all the components necessary for using grsecurity on your system
The latest stable version of grsecurity.
A matching version of gradm, the administration utility for grsecurity.
Full source code of the Linux kernel.
#downloading grsecurity
In our case we downloaded the following files
grsecurity-2.9.1-3.2.50-201308052151.patch
grsecurity-2.9.1-3.2.50-201308052151.patch.sig - This is the digital signature of this release.
#Downloading gradm
Point your browser to
http://grsecurity.net/ Click on the "Download" link and then select a "Stable" or "Test" patch.
Download the following files
gradm-2.9.1-201308021745.tar.gz
gradm-2.9.1-201308021745.tar.gz.sig - This is the digital signature of this release.
#Downloading the Linux Kernel
download both the kernel source and the signature to the current working directory:
$ wget
https://www.kernel.org/pub/linux/kernel/v3.x/linux-3.2.50.tar.bz2$ wget
https://www.kernel.org/pub/linux/kernel/v3.x/linux-3.2.50.tar.sign#Verifying the Downloads
To import the key, run the following command in the directory where your grsecurity and its key were downloaded.
$ gpg --import spender-gpg-key.asc
gpg: key 4245D46A: public key "Bradley Spengler (spender) <spender@grsecurity.net>" imported
gpg: Total number processed: 1
gpg: imported: 1
After importing the key, verify the downloaded grsecurity and gradm packages by running the below commands in your grsecurity directory:
$ gpg --verify grsecurity-2.9.1-3.2.50-201308052151.patch.sig
gpg: Signature made Mon 05 Aug 2013 06:55:44 PM PDT using DSA key ID 4245D46A
gpg: Good signature from "Bradley Spengler (spender) <spender@grsecurity.net>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 9F74 393D 7E7F FF3C 6500 E778 9879 B649 4245 D46A
$ gpg --verify gradm-2.9.1-201308021745.tar.gz.sig
gpg: Signature made Fri 02 Aug 2013 02:45:37 PM PDT using DSA key ID 4245D46A
gpg: Good signature from "Bradley Spengler (spender) <spender@grsecurity.net>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 9F74 393D 7E7F FF3C 6500 E778 9879 B649 4245 D46A
[Below is an example of a failed signature verification. The patch file was modified on purpose to make the verification fail.]
$ gpg --verify grsecurity-2.9.1-3.2.50-201308052151.patch.sig
gpg: Signature made Mon 05 Aug 2013 06:55:44 PM PDT using DSA key ID 4245D46A
gpg: BAD signature from "Bradley Spengler (spender) <spender@grsecurity.net>"
#Patching Your Kernel with grsecurity
# tar -xf linux-3.2.50.tar
# cd linux-3.2.50
# patch -p1 < ../grsecurity-2.9.1-3.2.50-201308052151.patch
#Configuring the Kernel
$ make menuconfig
#Compiling and Installing the Kernel
# fakeroot make deb-pkg
To install the newly created Debian package, run
# cd ..
# dpkg -i *.deb
For more reference just follow the documentation
https://en.wikibooks.org/wiki/Grsecurity#Installation