Get your server issues fixed by our experts for a price starting at just 25 USD/Hour. Click here to register and open a ticket with us now!

Author Topic: Kernel with GR security  (Read 20398 times)

0 Members and 1 Guest are viewing this topic.

sujitht

  • Guest
Kernel with GR security
« on: April 29, 2017, 08:58:47 pm »
how to install grsecurity 

The following instructions will lead you through the process of downloading all the components necessary for using grsecurity on your system


    The latest stable version of grsecurity.
    A matching version of gradm, the administration utility for grsecurity.
    Full source code of the Linux kernel.

#downloading grsecurity


In our case we downloaded the following files

    grsecurity-2.9.1-3.2.50-201308052151.patch
    grsecurity-2.9.1-3.2.50-201308052151.patch.sig - This is the digital signature of this release.

#Downloading gradm
Point your browser to http://grsecurity.net/ Click on the "Download" link and then select a "Stable" or "Test" patch.

Download the following files

    gradm-2.9.1-201308021745.tar.gz
    gradm-2.9.1-201308021745.tar.gz.sig - This is the digital signature of this release.

#Downloading the Linux Kernel

download both the kernel source and the signature to the current working directory:

$ wget https://www.kernel.org/pub/linux/kernel/v3.x/linux-3.2.50.tar.bz2
$ wget https://www.kernel.org/pub/linux/kernel/v3.x/linux-3.2.50.tar.sign

#Verifying the Downloads

To import the key, run the following command in the directory where your grsecurity and its key were downloaded.

$ gpg --import spender-gpg-key.asc
gpg: key 4245D46A: public key "Bradley Spengler (spender) <spender@grsecurity.net>" imported
gpg: Total number processed: 1
gpg:               imported: 1

After importing the key, verify the downloaded grsecurity and gradm packages by running the below commands in your grsecurity directory:

$ gpg --verify grsecurity-2.9.1-3.2.50-201308052151.patch.sig
gpg: Signature made Mon 05 Aug 2013 06:55:44 PM PDT using DSA key ID 4245D46A
gpg: Good signature from "Bradley Spengler (spender) <spender@grsecurity.net>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 9F74 393D 7E7F FF3C 6500  E778 9879 B649 4245 D46A

$ gpg --verify gradm-2.9.1-201308021745.tar.gz.sig
gpg: Signature made Fri 02 Aug 2013 02:45:37 PM PDT using DSA key ID 4245D46A
gpg: Good signature from "Bradley Spengler (spender) <spender@grsecurity.net>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 9F74 393D 7E7F FF3C 6500  E778 9879 B649 4245 D46A

[Below is an example of a failed signature verification. The patch file was modified on purpose to make the verification fail.]

$ gpg --verify grsecurity-2.9.1-3.2.50-201308052151.patch.sig
gpg: Signature made Mon 05 Aug 2013 06:55:44 PM PDT using DSA key ID 4245D46A
gpg: BAD signature from "Bradley Spengler (spender) <spender@grsecurity.net>"

#Patching Your Kernel with grsecurity

# tar -xf linux-3.2.50.tar
# cd linux-3.2.50
# patch -p1 < ../grsecurity-2.9.1-3.2.50-201308052151.patch

#Configuring the Kernel

$ make menuconfig

#Compiling and Installing the Kernel

# fakeroot make deb-pkg

To install the newly created Debian package, run

# cd ..
# dpkg -i *.deb

For more reference just follow the documentation https://en.wikibooks.org/wiki/Grsecurity#Installation