Security :: Need For Kernel Compilation / Explain About Grsecurity?
Dec 16, 2009
What is the need for kernel compilation? Please explain about grsecurity kernel too.
Ok.. when it comes to drivers and kernels... I have a rented server - so I do not have local access to it, and I do not have a KVM or remote console to it.
This is the current kernel that came with it:
Linux version 2.6.26-2-686 (Debian 2.6.26-22lenny1) (dannf@debian.org) (gcc version 4.1.3 20080704 (prerelease) (Debian 4.1.2-25)) #1 SMP Wed May 12 21:56:10 UTC 2010
The network card module according to support is r8169 (when I do lsmod I see r8169 listed); lspci lists it as: Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8111/8168B PCI Express Gigabit Ethernet controller (rev 03).
So.. where everything went bad is after I installed grsecurity kernel via apt-get install linux-image-grsec. It installed and rebooted successfully, but without the right network card module. The datacentre support had to reboot it to the original kernel for me.
So - I don't know how to update the network card drivers of the grsecurity kernel. It has to be perfect (I can't do trial and error) because each attempt that fails, I have to engage the datacentre support to reboot the system back into the original kernel. Apparently the new kernel detected it as a gigabit fibre card.
I just compiled kernel xxx.3.6 in Ubuntu in a virtual machine for 32 bit. However, I wanted to do it for 64 bit; I don't know what parameter is necessary for 64 bit.
I have squeeze installed on an AMD machine. I compiled the kernel based on the config file in /boot.
It was surprisingly much time:
This was the first time using an AMD machine; I had experience with some P4 machine having a much shorter kernel compilation time.
The machine:
What do I do in the wrong way? Or is it the "feature" of this old AMD?
I'm trying to get a fedora guest running reliable smp under VirtualBox 3.0.6. The VirtualBox manual says "Some Linux distributions, for example Fedora, ship a Linux kernel configured for a timer frequency of 1000Hz. We recommend to recompile the guest kernel and to select a timer frequency of 100Hz." So I tried recompiling the kernel. Being a responsible lad, when it came to setting the kernel specs:
Code:
# Polite request for people who spin their own kernel rpms:
# please modify the "buildid" define in a way that identifies
# that the kernel isn't the stock distribution kernel, for example,
# by setting the define to ".local" or ".bz123456"
#
# % define buildid .local
%define buildid .rim_for_vbox
I've successfully built and installed kernel, headers and firmware:
kernel-2.6.30.5-43.rim_for_vbox.fc11.x86_64.rpm
kernel-firmware-2.6.30.5-43.rim_for_vbox.fc11.x86_64.rpm
kernel-headers-2.6.30.5-43.rim_for_vbox.fc11.x86_64.rpm
The system is working fine (well, so far). But trying to install the VirtualBox Guest Additions kernel add-ons still gives me
Please install the build and header files for your current Linux kernel. The current kernel version is 2.6.30.5-43.rim_for_vbox.fc11.x86_64.
I'm pretty sure this is because my kernel doesn't match the development package kernel-devel-2.6.30.5-43.fc11 (x86_64). So the key question is, how on Earth do I create a development package to match the responsibly-renamed kernel?
Here is what I am getting with any kernel I am attempting to compile these days: [URL]
I pasted as much as I could salvage from the terminal.
Details here: [URL]
I am compiling a new kernel. I have successfully compiled it; how do I modify grub.cfg? I am using Ubuntu 10.10.
Can I use 'update-grub'?
I tried using that and it is even updating the grub with the new kernel. But after I boot the new kernel it shows
The disk for / is not ready or does not exist
#and some statements# M for recovery ...
Is there any problem with the kernel compilation, and why is that coming?
Why is it asking me for options to be selected while I run: Code: make oldconfig. I am in verse to compile latest released kernel 2.6.34-rc5 on Ubuntu 9.10? What I did is just pressed the "Enter" key (I think it will disable everything? Not sure) and created a .config file.
Strange: during the configure. I have checked:
checking for struct audit_tty_status... no
#uname -a
Linux lfslc5 2.6.18.8-xenU-64b #1 SMP Tue May 6 18:09:10 CEST 2008 x86_64 x86_64 x86_64 GNU/Linux
I've been reading about a temporary solution to the kernel/Fglrx issue caused by the last kernel update, but I haven't read about any permanent solution to this issue. Anyone know anything about a permanent solution (new kernel update?, new Fglrx driver?) to this compilation error?
enabling parallel compilation of kernel source. I've read that setting the CONCURRENCY_LEVEL environment variable should do that. The problem is that I see only one instance of a running gcc in top, notwithstanding I have set "export CONCURRENCY_LEVEL=5".
I was trying to compile the kernel 2.6.36 following the format [url] but my fedora 13 machine screen remains blinking without booting to new kernel.
I'm simply trying to compile a vanilla kernel from Kernel.org, I've done it before, however "make menuconfig" returns an error after I've made my changes to the config file.
Code:
Why is make returning that error? I am using a 64-bit kernel.
I'm trying to get Virtualbox up and running. So I have added virtualbox in my repo and added the key, looks fine so far. But after downloading I get this:
VirtualBox-3.0.8_53138_rhel5-1.x86_64
Creating group 'vboxusers'. VM users must be member of that group!
No precompiled module for this kernel found -- trying to build one. Messages
emitted during module compilation will be logged to /var/log/vbox-install.log.
Compilation of the kernel module FAILED! VirtualBox will not start until this problem is fixed. Please consult /var/log/vbox-install.log to find out why the kernel module does not compile. Most probably the kernel sources are not found. Install them and execute /etc/init.d/vboxdrv setup as root.
I am having a hard time understanding how to boot into the CLI, and not GNOME. Do I use the following: sudo update-rc.d -f gdm remove. Is there a special keyboard key like in windows (F, to drop into the CLI before GNOME loads, and modify the xorg.conf file?
I want to know what are these flags, LD, CC, AS, LDS, ... (or labels, I don't know their exact title) during compiling a software in linux?
Is there any good book or website to explain these ?
Under /home/username/.mozilla I have a default folder which contains folders named "aqeif3n4.slt" and "cache". Under /home/username/.mozilla/Firefox I also have more default folders such as "6ajy4rl7.default", "ad2fpe1q.default" and "ivkrjhk8.default". I do not understand what the default folder under /home/username/.mozilla is for. I am sure that the .default folders under /home/username/.mozilla/Firefox are my Firefox files (duh!) but why are there more than one? Is a new one created every so often so you have copies from past time periods? Or what?
1) A 13-years old boy wasn't impressed by KDE 4.x. Its own Window$ looks also nice and pretty and have similar functionality.
2) Open Source? How to explain a difference between open source and freeware? Do we really benefit running open source programs instead of freeware? Most of us will never read a line from a source. We want, we require easily accesible binaries.
So why a common window$ user find worthy to run Linux? What can Linux offer? Linux should be as different from window$ as it is possible.
3) Twm window manager is definitely something strange - in the way the vi editor for notepad users. Twm is for some reasons better than any other wm. I started both kde desktop and xfce desktop under twm. Both desktops can be iconified. It is your choice which at this moment you prefer. But you can work with both. Full democracy. No more discussions which is better.
4) When finally developers of KDE, GNOME will make these desktop almost perfect they will be obsolete. In fact they are today obsolete. It is about 20 years working in the same manner. Windows, buttons, mouse's click - I think it's enough. At least I am really bored.
5) NextGen UI. Not GUI but UI. A core of the nextgen UI will be an AI engine. Also see p. 4, we may think about VUI - virtual environments, you can run all your preferable GUI simultaneously. Or any other today predefined UI (eg. cli).
6) What about windows (parts of a graphical screen)? Nothing. If AI will be in the core you will need windows only for watching video and playing games.
Final remarks: It is not a project only an idea. My intuition tells me that there is a time for changes. Time for swimming in deep water.
I followed this how to to make a NFS server: [url]
So it means: exports looks like this:
Quote:
Here are some quick examples of what you could add to your /etc/exports
For Full Read Write Permissions allowing any computer from 192.168.1.1 through 192.168.1.255
It means that if somebody arrives with a linux machine, puts the ethernet cable into the router, then logs in as root on his machine, and mounts the exports, he can do almost everything, with permissions chmod'ing ...
Is that LAMP, or am I wrong for nfs kernel servers, the ultimate users/password servers against that to prevent those physical approaches/logins? Is there a good how to?
My /var/log/messages file is being flooded by messages like these.
Code:
From the securing-debian-howto [URL] ...
"4.2.2 Security update of the kernel
First, make sure your kernel is being managed through the packaging system."
which suggests...
Code:
$ dpkg -S ‘readlink -f /vmlinuz‘
When I try to confirm by running the above, I get a lot of characters of output but the last line reads...
Code:
dpkg-query: no path found matching pattern /vmlinuz‘
How do I make sure my kernel is being managed through a packaging system?
A few days ago I installed F12 and it was working fine very well up until today when I booted my computer from a perfect working order state yesterday to this. Well my wireless was still being sniffed and slowed down to dial up speed but what's new, that's been consistent for at least 3 months. I can't really do much about it since my brother doesn't like changing the password.
I recently logged onto my new fedora 12, 64-bit, system encrypted (all partitions affected by install), selinux enforced install to find myself in tty4 and some "other" users logged on to the other terminals. My folders would have lock icons on them after opening, my notification menu/toolbar crashed and hasn't returned on system reboot, some data transfers between removable storage returned input output errors while others worked fine(?). I also received this kernel bug output from the bug reporting tool but I have no idea what it means.
Also I was not loose with the security either. I had removed unconfined login types (after setting up the system as I needed) meaning I couldn't even run root or sudo and neither could anyone else (as far as I was aware). I pretty much increased selinux to its maximum boolean strictness and limited the _default_ (me included) account to a user from a _default_ unconfined (to actually be able to log in with the selinux boolean in place). Meaning they "the exploiters" were able to bypass selinux as a user account? How is that possible and even if you do root logon is disabled by selinux too?
At the moment I'm on a live cd trying to look for a way to customise them as it seems it may be my only option.
Just a side note you can't just log in to tty4 by default without actively taking up spaces either by other users or your own use. Meaning since the tty login is automated 3 terminals were in use tty1, tty2 and tty3.
Which commands should I run to find out what is being done?
Edit: Just had my F12 x64 live cd taken down twice and had to hard reset as the toolbar disappeared. Took a photo of the last error message. I was just reading a pdf and using firefox at the time.
Is fedora usually this easy to hack?
Can anyone tell me how to enable and configure auditd in linux kernel 2.6.9-5.EL? I have only found the commands auditd and auditctl on a server that runs kernel 2.6.9-5.EL. I ran auditd & and could see auditd running on my server. But I couldn't do anything with auditctl, no status, no rules, nothing :| . I tried to find audit.rules or auditd.conf but there is nothing I can find.
Attack Sneaks Rootkits Into Linux Kernel
Quote: A researcher at Black Hat Europe this week will demonstrate a more stealthy way to hack Linux
Apr 14, 2009 | 04:21 PM
By Kelly Jackson Higgins
DarkReading
Kernel rootkits are tough enough to detect, but a researcher this week has demonstrated an even sneakier method of hacking Linux. The attack exploits an oft-forgotten function in Linux versions 2.4 and above in order to quietly insert a rootkit into the operating system kernel as a way to hide malware processes, hijack system calls, and open remote backdoors into the machine, for instance. At Black Hat Europe this week in Amsterdam, Anthony Lineberry, senior software engineer for Flexilis, will demonstrate how to hack the Linux kernel by exploiting the driver interface to physically addressable memory in Linux, called /dev/mem.
"One of bonuses of this [approach] is that most kernel module rootkits make a lot noise when they are inserting [the code]. This one is directly manipulating" the memory, so it's less noticeable, he says. The /dev/mem "device" can be opened like a file, and you can read and write to it like a text file, Lineberry says. It's normally used for debugging the kernel, for instance.
Lineberry has developed a proof-of-concept attack that reads and writes to kernel memory as well as stores code inside the kernel, and he plans to release a framework at Black Hat that lets you use /dev/mem to "implement rootkit-like behaviors," he says. The idea of abusing /dev/mem to hack the Linux kernel is not really new, he says. "People have known what you can do with these /dev/mem devices, but I have never seen any rootkits with dev/mem before," he says.
Quote: "The problem with kernel-based rootkits is that the rootkit can mitigate [detection] because it has control," he says. "It's a race in the kernel to see who's going to see who first." [URL]
What does this mean:
[6867450.202500] hpet1: lost 1 rtc interrupts
[6867450.548506] hpet1: lost 2 rtc interrupts
May 24 20:20:01 vms2 kernel: [6886829.451310] console-kit-dae[19655]: segfault at 198 ip 00007f4c31b7fe09 sp 000000004036c090 error 4 in libglib-2.0.so.0.1800.2[7f4c31b53000+c3000]"
Since all that I can find on google is about benchmarks I'd like to ask you if a 64 bit kernel would be more stable, secure and reliable than a 32 bit one.
I ask this question because apparently the 64 bit instruction set offers more advanced security features (I'm saying apparently because I'm not able to give details since it's been a really fast read) which would be used by a 64 bit Operating System (Apple also stated that 64 bit applications are less likely to be "attacked").
I have to assume that a 32 bit one does not use them, right? Should I stick to 64 bit? (to be honest that "not for everyday" thing on ubuntu download pages made me wonder lol, because since intrepid I ALWAYS used the 64 bit version)
My "lowest" computer has a pentium processor (1,6 ghz dual core), according to lshw I have NX enabled and my ram is 2GB (might seem useless using a 64bit kernel on 2 GB but I'm more concerned about security now)
I'm writing here because it's mainly a security issue even though it's rather kernel related.
I'm compiling my own vanilla kernel with an initramfs included in the bzImage. That image contains encryption keys for the rest of the system. Even though it's not for everybody the initramfs image can be extracted from the kernel, decompressed and the keys extracted.
I'm looking for a way to prevent this.
A while back there was an lkm called sebek, which is designed to work in a honeypot for finding and studying internet hackers, but it's very outdated and won't work with newer 2.6 kernels. Anyone know of any projects currently in the works to mod the kernel source to get it to work again? I know it's easily detected but thought that someone might still be working on it somewhere.
I installed the latest security update for squeeze. It entailed an update of the kernel. Now when it boots, it gives continuous kernel error messages about "can't enumerate usb .... " I have a custom kernel compiled from source (not sure about the patch level) from the same kernel 2.6.32. It seems to work OK. Should I worry about the security of this custom kernel or should I try to recompile it? I don't really know how to do any patching of the kernel source.
I want to upgrade the kernel of the auditor security collection which I have installed on my hard disk. The kernel version is 2.6.11.