In our configuration and compilation we will build a monolithic kernel. Building a monolithic kernel means answering only Yes or No to the configuration questions, making nothing modular, and omitting the steps:
make modules
make modules_install
Also, we will patch our new kernel with the buffer overflow protection provided by kernel patches. Patches for the Linux kernel exist, such as Solar Designer's non-executable stack patch, which disallows the execution of code on the stack, making a number of buffer overflow attacks harder and completely defeating a number of current exploits used by "script kiddies" worldwide.
Remember to answer only Yes or No to the questions when configuring your new kernel if you intend to build a monolithic kernel. If you intend to use firewall masquerading functions or a dial-up ppp connection, you cannot build a monolithic kernel, since these functions require some modules to be built by default. Build a modularized kernel instead.
A new kernel is very specific to your computer hardware. In the kernel configuration part, we are using the following hardware for our example; of course you must change the choices to fit your system components.
1 Pentium II 400 MHz (i686) processor
1 Motherboard SCSI
1 Hard Disk SCSI
1 SCSI Controller Adaptec AIC 7xxx
1 CD-ROM ATAPI IDE
1 Floppy Disk
2 Ethernet Cards Intel EtherExpressPro 10/100
1 Mouse PS/2
These installation instructions assume:
Commands are Unix-compatible.
The source path is /usr/src.
Installations were tested on Red Hat Linux 6.1 and 6.2.
All steps in the installation will happen in super-user account root.
Latest Kernel version number is 2.2.14
Latest Secure Linux Kernel Patches version number is 2_2_14-ow2
All the packages mentioned below were available at the following sites as of this writing; additional information regarding mirror sites can be found by searching their respective home pages.
Kernel Homepage: http://www.kernelnotes.org/
Be sure to download: linux-2_2_14_tar.gz
Kernel FTP Site: 139.142.90.113
Secure Linux Kernel Patches Homepage: http://www.openwall.com/linux/
You must be sure to download: linux-2_2_14-ow2_tar.gz
Secure Linux Kernel Patches FTP Site: 195.42.162.180
The first pre-install step is to make an emergency boot floppy. Linux has a small utility named mkbootdisk that does this. First, find out which kernel version you are currently using. Check your /etc/lilo.conf file to see which image was booted; from this image name we can find the kernel version needed to make our emergency boot floppy.
[root@deep] /# cat /etc/lilo.conf
In my example, I have the following in the lilo.conf file:
boot=/dev/sda
map=/boot/map
install=/boot/boot.b
prompt
timeout=50
image=/boot/vmlinuz-2.2.12-20
    label=linux
    root=/dev/sda6
    initrd=/boot/initrd-2.2.12-20.img
    read-only
Now you'll need to find the image that you booted from. On a standard new first install, it will be the one labeled linux. The above example shows that the machine booted using /boot/vmlinuz-2.2.12-20, the original kernel version of the system. Now we simply need to put a formatted 1.44 floppy in our system and execute the following command as root:
[root@deep] /# mkbootdisk --device /dev/fd0 2.2.12-20
Insert a disk in /dev/fd0. Any information on the disk will be lost.
Press <Enter> to continue or ^C to abort:
Following these guidelines, you will now have a boot floppy with a known working kernel in case of problems with the upgrade. I recommend rebooting the system with the floppy to make sure that the floppy works correctly.
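Reading the version off lilo.conf by eye is easy with a single image. The following added example (not part of the original guide) does it mechanically and goes one step further by honouring a default= line, under which LILO boots the named label rather than the first image. The second image, its label new and the default= line in the sample are constructed for illustration.

```sh
#!/bin/sh
# Added example: pick the kernel version to pass to mkbootdisk from lilo.conf.

# Print the version of the image LILO boots by default: the image whose label
# matches default=, or the first image= entry when no default= is present.
lilo_boot_version() {
    awk -F= '
        /^[ \t]*#/ { next }                       # skip comment lines
        {
            key = $1; val = $2
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t"]+|[ \t"]+$/, "", val)
        }
        key == "default" { want = val }
        key == "image"   { n++; img[n] = val; lbl[n] = val; sub(/.*\//, "", lbl[n]) }
        key == "label" && n { lbl[n] = val }      # label belongs to the last image
        END {
            pick = (want == "" && n) ? 1 : 0
            for (i = 1; i <= n; i++)
                if (want != "" && lbl[i] == want) { pick = i; break }
            if (!pick) exit 1                     # no usable image entry
            ver = img[pick]; sub(/.*\//, "", ver)
            if (ver !~ /^vmlinuz-/) exit 1        # version not encoded in the name
            sub(/^vmlinuz-/, "", ver); print ver
        }' "$@"
}

# Constructed sample: the lilo.conf from the text plus a hypothetical second
# image and a default= line, to show that the first entry is not always booted.
sample_lilo_conf() {
    cat <<'EOF'
boot=/dev/sda
prompt
timeout=50
default=linux
image=/boot/vmlinuz-2.2.14
    label=new
    root=/dev/sda6
image=/boot/vmlinuz-2.2.12-20
    label=linux
    root=/dev/sda6
    initrd=/boot/initrd-2.2.12-20.img
EOF
}

# Only print the command to run; writing the floppy stays a manual step.
ver=$(sample_lilo_conf | lilo_boot_version) &&
    echo "mkbootdisk --device /dev/fd0 $ver"
```

The function reads a file given as its argument or standard input, and returns a non-zero status when no matching image is found, so a wrong version is never passed on silently.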