How-To: Compile and configure a 2.6.10 kernel
Note: 2.6.10 is an old version of the kernel; however, this guide will work with the latest 2.6.11.7 and grsecurity if you get those instead of the files described. If you go that route, the patch described below for a specific vulnerability is not required.
My previous guides use a very specific config file that only works for a few
different servers. This guide is meant to be a lot more generic and should
work on more servers. I have taken the default config from a redhat 2.4 kernel
and kept all the driver configuration. I have removed the extra support such
as USB and sound that are not needed on a server. I also explain how to remove
some of the drivers that are not necessary such as scsi/ide support depending
on what type of drives you have. If you do not want to deal with the menuconfig
you can simply compile it and not configure it. I hope that this guide will
help alleviate some of the problems with segfaulting that some of the configurations
have. If you would like to compile in grsecurity please follow my
2.6.10 grsecurity guide.
This guide has taken me a long time to create. If you have used it for your
donate please consider donating :) With that being said good luck with compiling
your new kernel.
***This guide is to be used completely at your own risk! ***
This guide should work fine, and if you follow the guide exactly no permanent damage should be done to your system even if the server does not reboot. If the server does not come up you can simply reboot it and it will come back online with an older version that works. If you have any comments about the .config posted please post them; I am always interested in making improvements! If you do not want to do this yourself but are still interested in getting it done, please look on the left for totalserver solutions.
Now that is done the guide is below, good luck!
First we are going to have to install module-init-tools for module support. *NOTE*
This is going to cause rkhunter to give errors on 3 binaries. This
is completely normal: redhat does not currently use these versions, so rkhunter
does not think they are clean even though they are.
The "bad" output from rkhunter you will now see:
/sbin/depmod [ BAD ]
/sbin/ifconfig [ OK ]
/sbin/init [ OK ]
/sbin/insmod [ BAD ]
/sbin/modinfo [ BAD ]
-----command-----
cd /usr/local/src/
wget http://www.kernel.org/pub/linux/kernel/people/rusty/modules/old/module-init-tools-3.0.tar.gz
tar -zxf module-init-tools-3.0.tar.gz
cd module-init-tools-3.0
./configure --prefix=""
make moveold
make install
./generate-modprobe.conf /etc/modprobe.conf
cd ..
-----command-----
If you intend to remove the additional drivers that are in the .config you
can look at the /etc/modules.conf or lspci to figure out what your server is
currently using. Be aware that if you remove the drivers for your network card or
disk drives you will not be able to access your server!
Now we will download the 2.6.10 kernel and get it ready to configure.
-----command-----
cd /usr/local/src/
wget http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.10.tar.gz
tar -zxf linux-2.6.10.tar.gz
cd linux-2.6.10
make clean
make mrproper
make oldconfig
-----command-----
At this point you can follow the grsecurity
guide if you are interested in compiling grsecurity into your kernel.
Now you are going to press and hold enter until it stops. This is going to
load your current configuration into the .config and should allow you to boot
your server up with no problem.
At this point I am going to try and explain the way to configure your kernel.
You do not have to do this step but if you want to tweak your kernel for your
system you should. There is a very nice configuration program called menuconfig
that will allow for very simple modifications to the kernel config. Type
"make menuconfig" to enter the configuration. You are now going to be looking
at the main menu, which is divided into large groups of configurations. If you
have a question about a specific option you can look at the "help" menu. If
there is an M next to something it is loaded as a module, while if there is a *
it will always be loaded. If you are unsure of changing something leave it the same!
The only really big thing I would suggest is changing the SMP support and processor
support. The other options will help but are not necessary.
Code maturity level options - The options inside here allow you to specify
some basic options about the drivers.
General Setup - Some basic options are here
-- Local version - append to kernel release - You know you want to add -eth00
here ;) This option will allow you to add something at the end of the kernel
name that is shown in uname.
Loadable Module Support - you could disable modules here but it will make the
kernel very large if you do not strip everything extra first. I would highly
advise against removing the modular support unless you have removed all but the
necessary drivers. Not having module support is a very good idea in the long
run but takes a while to figure out and configure. It also is more secure as
some rootkits rely on adding new modules to actually root the server.
Processor type and features - Lots of options that you should take a look at
depending on your processor
-- Processor family - Most servers are P4/xeon but if you have something else
select your correct CPU so that the kernel can be optimized for it.
-- Symmetric multi-processing support - This is also known as SMP support.
Some of the newer P4's support SMP, but if you are unsure and you do not have
a dual processor you should disable this. Even if you do have SMP support on a
non-xeon system you may have a performance increase without the SMP option; it
will depend on the individual server.
-- You can remove support for both of the laptops, after all I hope you are not
running a laptop as your server.
Power management options (ACPI, APM) - Hey you don't pay for power in the datacenter,
why should you not suck anything but the maximum amount of power! In all reality
a server does not need any of these options anyways because it may cause problems.
Bus options (PCI, PCMCIA, EISA, MCA, ISA) - Here you can remove additional
support if you know your exact hardware. Not all servers will need support
on all of
the configuration that I have added.
Executable file formats - There are a few options here for what your system can
or cannot run. The important thing is to make sure that you keep ELF binary support.
The other options can be disabled if you are not running any other types of binaries.
Device Drivers - Here is the bulk of the configuration that you are going to
want to do.
-- Generic Driver Options - Some generic options can be left at the default.
-- Memory Technology Devices (MTD) - Leave it at no
-- Parallel port support - No need for parallel support on the server. If you
remove the top option it will automatically remove the rest.
-- Plug and Play support - No need for plug and play support, your hardware
configuration should not be changing on a server.
-- Block devices - Remove all of the options you are not going to need. Floppy
support, XT hard disk, Compaq SMART2 support, and Compaq smart array 5xxx
support can be disabled safely on most servers.
-- ATA/ATAPI/MFM/RLL support - If you are running SCSI you can remove all of
these. If you are using a normal IDE drive or SATA keep everything enabled.
If you are sure of what you have on your server you can use your own discretion
to remove the extra drivers.
-- SCSI device support - Support can be removed from SCSI if you are running
IDE. If you are using SATA make sure to keep SCSI support.
-- Old CD-ROM drivers (not SCSI, not IDE) - The options here are for the very
old cdrom drives off the sound card and such. It should already be disabled
and should stay that way.
-- Multi-device support (RAID and LVM) - If you are not running RAID these
can be disabled.
-- Fusion MPT device support - If you are running SCSI drives keep this enabled;
it is support for a very popular control card.
-- IEEE 1394 (FireWire) support - Most servers should not need firewire support,
disable this.
-- I2O device support - This can be disabled.
-- Networking support - Network card configuration is here. You can disable
the additional ethernet drivers if you are sure but if not just leave the extra
drivers.
---- IrDA (infrared) subsystem support - Disable, no need for infrared on a server.
---- ARCnet devices - Disable
---- Token Ring devices - Disable
---- Wireless LAN (non-hamradio) - Disable
---- Wan interfaces - Disable
---- ATM drivers - Disable
---- FDDI driver support - Disable
---- PPP (point-to-point protocol) support - Disable, this is the type of protocol
used in DSL.
-- ISDN subsystem - Disable
-- Telephony Support - Disable
-- Input device support - Some options can be disabled here
---- Joystick interface- Disable
---- Mice - Disable
-- Character devices - Look through, but there are few reasons to leave anything
here enabled. The options are targeted more towards graphical interfaces.
-- I2C support - Disable
-- Dallas's 1-wire bus - Disable
-- Misc devices - Leave disabled
-- Multimedia devices - Disable
-- Graphics support - Disable, you should not be running a GUI on a server
-- Sound - Disable, this is just for playing; even if you are streaming sound
there is no need for these drivers
-- USB support - Disable, your server should not be using any USB devices
-- MMC/SD Card support - Disable
File systems - If you know what type filesystems you are using you can disable
the extra ones.
-- Minix fs support - Disable
-- ROM file system support - Disable unless you need cd-rom support
-- CD-ROM/DVD Filesystems - Disable unless you need cd/dvd support
-- DOS/FAT/NT Filesystems - Disable
-- Miscellaneous filesystems - Disable all of these
-- Network File Systems- Disable
Profiling support - Leave this disabled
Kernel hacking - Leave this disabled
Security options - Defaults are fine here again. Later I will show how to configure
grsecurity but this version of the guide will not have it.
Cryptographic options - Defaults are fine
Library routines - Defaults are fine
At this stage you can configure the kernel how you like it. By running "make
menuconfig" you will be presented with a huge menu of options that you
can try to compile into your kernel. After you make your changes click exit
and continue.
I have already removed just about everything extra and no changes are necessary.
Please note that if you do add features you need to add them statically
into the kernel, as this kernel does not support loadable modules. If you do
add module support and modules, your server will not boot using the directions
below. If you add anything but module support, it will automatically be added
statically in menuconfig.
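A way to check the finished .config before building, given as an added example that is not part of the original guide: it reports whether module support is on and whether the block-layer options for the root disk (IDE for /dev/hd*, SCSI/SATA for /dev/sd*) plus any extra symbols you name are built in, modular or missing. The sample .config is constructed, and the function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the original guide): audit a kernel .config
# for the options the root disk needs before you build and reboot.

# cfg_value FILE SYMBOL -> prints y, m, or n (n when unset or absent).
cfg_value() {
    v=$(sed -n "s/^CONFIG_$2=\([ym]\)\$/\1/p" "$1" | head -n 1)
    echo "${v:-n}"
}

# root_disk_symbols DEVICE -> block-layer symbols for that kind of root disk.
# The low-level controller driver is hardware specific and is not guessed
# here; pass it to audit_config as an extra symbol.
root_disk_symbols() {
    case "$1" in
        /dev/hd*) echo "IDE BLK_DEV_IDE BLK_DEV_IDEDISK" ;;
        /dev/sd*) echo "SCSI BLK_DEV_SD" ;;
        *)        echo "" ;;
    esac
}

# audit_config FILE ROOTDEV [EXTRA_SYMBOL...]
# Prints one line per symbol; returns 1 if anything needed for boot is absent.
audit_config() {
    file=$1; rootdev=$2; shift 2
    modules=$(cfg_value "$file" MODULES)
    echo "MODULES=$modules"
    rc=0
    for sym in $(root_disk_symbols "$rootdev") "$@"; do
        val=$(cfg_value "$file" "$sym")
        case "$val" in
            y) echo "$sym=y built-in" ;;
            m) if [ "$modules" = y ]; then
                   echo "$sym=m module, must be in the initrd"
               else
                   echo "$sym=m MISSING, module support is off"; rc=1
               fi ;;
            *) echo "$sym=n MISSING"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample: an IDE server where the disk driver was deselected.
sample=$(mktemp)
cat > "$sample" <<'EOF'
CONFIG_MODULES=y
CONFIG_IDE=y
CONFIG_BLK_DEV_IDE=y
# CONFIG_BLK_DEV_IDEDISK is not set
CONFIG_EXT3_FS=m
EOF
if audit_config "$sample" /dev/hda3 EXT3_FS; then
    echo "config looks bootable"
else
    echo "do not reboot into this kernel yet"
fi
rm -f "$sample"
```

On a real build, run audit_config against the .config in the source tree with the root device shown by df -h and the filesystem symbol for your / partition.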
Now to actually compile the kernel.
-----command-----
make bzImage
make modules
make modules_install
-----command-----
Make sure there are *NO* errors after this! If you do get errors the below
is not going to work.
Copy the new files into your /boot directory.
-----command-----
cp .config /boot/config-2.6.10
cp arch/i386/boot/bzImage /boot/vmlinuz-2.6.10
cp System.map /boot/System.map-2.6.10
mkinitrd /boot/initrd-2.6.10.img 2.6.10
-----command-----
If you get an error about /dev/mapper/control do the following:
-----command-----
rm -rf /boot/initrd-2.6.10.img
mkinitrd --omit-lvm-modules /boot/initrd-2.6.10.img 2.6.10
-----command-----
To boot the server a bootloader must be used. The two major bootloaders
are grub and lilo. If you do not appear to have either, you may not; some
datacenters do not install any, which makes it a pain to upgrade the kernel.
For the most part if you have an ev1 box you have lilo, but if you have any
other datacenter grub is usually used. As of right now grub is the default
bootloader for RHEL.
To check which you have type
-----command-----
dd if=/dev/hda bs=512 count=1 2>&1 | grep GRUB
dd if=/dev/hda bs=512 count=1 2>&1 | grep LILO
-----command-----
One of those should return something, that is your bootloader.
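The same check as a small script, given as an added example that is not part of the original guide: it reads the first 512-byte sector, confirms the 0x55AA boot signature, and then looks for the GRUB or LILO marker string. The sample sectors are constructed files, not real boot sectors, and the function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the original guide): identify the bootloader
# in the first sector of a disk or disk image.

# has_boot_signature FILE -> succeeds if bytes 510-511 are 55 aa.
has_boot_signature() {
    sig=$(dd if="$1" bs=1 skip=510 count=2 2>/dev/null | od -An -tx1 | tr -d ' \n')
    [ "$sig" = "55aa" ]
}

# detect_bootloader FILE_OR_DEVICE -> prints GRUB, LILO, unknown, none
# (no boot signature) or unreadable.
detect_bootloader() {
    sector=$(mktemp)
    if ! dd if="$1" of="$sector" bs=512 count=1 2>/dev/null; then
        rm -f "$sector"; echo unreadable; return 0
    fi
    if ! has_boot_signature "$sector"; then
        result=none
    elif LC_ALL=C grep -q GRUB "$sector"; then
        result=GRUB
    elif LC_ALL=C grep -q LILO "$sector"; then
        result=LILO
    else
        result=unknown
    fi
    rm -f "$sector"
    echo "$result"
}

# make_sample_sector FILE MARKER -> constructed 512-byte test sector with
# MARKER at an arbitrary offset and a valid boot signature at the end.
make_sample_sector() {
    dd if=/dev/zero of="$1" bs=512 count=1 2>/dev/null
    printf '%s' "$2" | dd of="$1" bs=1 seek=6 conv=notrunc 2>/dev/null
    printf '\125\252' | dd of="$1" bs=1 seek=510 conv=notrunc 2>/dev/null
}

# Demonstration on constructed sectors; on a server, pass the boot disk
# (for example /dev/hda as in the commands above) and run as root.
demo=$(mktemp -d)
for marker in GRUB LILO; do
    make_sample_sector "$demo/$marker.img" "$marker"
    echo "$marker.img: $(detect_bootloader "$demo/$marker.img")"
done
rm -rf "$demo"
```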
If you have lilo follow the below, if you do not skip down to the grub
section.
All of the ev1 servers I have worked on have lilo installed, so below is
what you need to add to the file to allow you to boot. The append elevator
deadline should help with the IO of your server, which will in turn lower
your server loads.
If after recompiling you have trouble with the
IO, remove the line and reboot to see if that is what is causing the trouble.
-----command-----
pico -w /etc/lilo.conf
-----command-----
Now scroll to the bottom and add these lines.
image=/boot/vmlinuz-2.6.10
label=2.6.10
append="root=/dev/sda3"
read-only
initrd=/boot/initrd-2.6.10.img
**Note** where it says sda3 you need to replace with your / partition. If you
look at df -h you will see something like this:
Filesystem Size Used Avail Use% Mounted on
/dev/hda3 72G 15G 54G 22% /
That shows that /dev/hda3 is the / and in this instance we would put root=/dev/hda3
Make sure when you run this lilo command that you can see no errors. If
there are, something is configured wrong and the server is not going to
boot.
-----command-----
lilo -v -v
-----command-----
If you do not see "Writing boot sector." after this command something
is wrong!
Now we are going to set the server to reboot into the kernel. By using -R the
server will only try to boot once into the new kernel. If any problems are
encountered the server will boot to your old kernel the next time it is rebooted.
-----command-----
lilo -R 2.6.10
-----command-----
If you have grub you are going to want to read this section.
-----command-----
pico -w /etc/grub.conf
-----command-----
If you look there are a series of repeated lines. Each one of these is a different
kernel that can be booted. Paste the lines shown below into the top section of
the grub config. ***PLEASE NOTE*** You need to modify the root (hdx,x) and
root=/dev/sda1 to look like the previous configs. The drive will be different
depending on the individual server drive and partition configuration. Make sure
to change the default= to one number higher than before, since you added an
entry at the very top. If it is 0 and you leave it at 0 and you have trouble
with your server, you will not be able to boot it.
title Red Hat Linux (2.6.10)
root (hd0,0)
kernel /vmlinuz-2.6.10 ro root=/dev/sda1
initrd /initrd-2.6.10.img
After that save out and run grub
-----command-----
grub
-----command-----
Once it is done probing the drives enter:
savedefault --default=0 --once
quit
That will make the new kernel boot once and reboot into the old kernel if you
have any issues on the reboot. Once you are done rebooting and the new kernel
comes up fine you can edit the /etc/grub.conf again and change the default
to 0 so you will keep booting to 2.6.10.
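A check to run after editing grub.conf and before the first reboot, given as an added example that is not part of the original guide: it numbers the title entries the way default= counts them and confirms that the persistent default still selects a kernel other than the new one. The grub.conf below is a constructed sample, and the function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the original guide): confirm which entry a
# grub.conf boots by default before rebooting into a test kernel.

# grub_entries FILE -> one "index<TAB>title" line per entry, counted from 0
# the same way default= counts them.
grub_entries() {
    awk '/^[ \t]*title[ \t]/ {
             sub(/^[ \t]*title[ \t]+/, "")
             printf "%d\t%s\n", n++, $0
         }' "$1"
}

# grub_default_title FILE -> title selected by default=N (0 if no default=).
grub_default_title() {
    awk '/^default=/ { split($0, kv, "="); d = kv[2] + 0 }
         /^[ \t]*title[ \t]/ {
             t = $0; sub(/^[ \t]*title[ \t]+/, "", t); titles[n++] = t
         }
         END { print titles[d + 0] }' "$1"
}

# default_is_fallback FILE NEW_VERSION -> succeeds only when the persistent
# default is an existing entry other than the new kernel.
default_is_fallback() {
    title=$(grub_default_title "$1")
    case "$title" in
        "")     return 1 ;;   # default= points past the last entry
        *"$2"*) return 1 ;;   # default= points at the untested kernel
        *)      return 0 ;;
    esac
}

# Constructed sample: new entry pasted at the top, default= raised to 1.
conf=$(mktemp)
cat > "$conf" <<'EOF'
default=1
timeout=10
title Red Hat Linux (2.6.10)
        root (hd0,0)
        kernel /vmlinuz-2.6.10 ro root=/dev/sda1
        initrd /initrd-2.6.10.img
title Old kernel (constructed sample entry)
        root (hd0,0)
        kernel /vmlinuz-old ro root=/dev/sda1
        initrd /initrd-old.img
EOF
grub_entries "$conf"
if default_is_fallback "$conf" 2.6.10; then
    echo "default= still selects: $(grub_default_title "$conf")"
else
    echo "WARNING: default= does not select a known-good fallback entry"
fi
rm -f "$conf"
```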
Ok you are ready to reboot and test it out. Go ahead and shutdown via "shutdown
-r now". If it does not come up after 10 minutes you are going to have
to get the server rebooted. Since we used the -R it will then boot back to the
old kernel. If it fails you can check the logs to see if anything is shown,
but many times nothing is and the only way to find out is to have a tech look
at the screen or use a kvm/drac. If it does work for you, change the default= in
the lilo.conf to your new kernel.
Save and you are all done.
If you are running Redhat 9 (RH9) you are going to have to upgrade your version
of rpm. Simply run:
export LD_ASSUME_KERNEL=2.4.1; rpm -Uvh ftp://ftp.rpm.org/pub/rpm/dist/rpm-4.2.x/rpm-4.2-1.i386.rpm
The export command is a workaround so you can actually install the rpm. If
you still have trouble you can use the export command to allow rpm to function.
Hopefully it will come up fine for you, I have used it many times and it
always works :)
Feel free to link to this guide but please do not copy it as your own!
just an errata
The last word of your paragraph has a typo.
it should be:
required.
also
-- Parallel port support - No need for parralel support on the server. If you remove the top option it will automatically remove the rest.
should be
-- Parallel port support - No need for parallel support on the server. If you remove the top option it will automatically remove the rest.
also
-- Block devices - Remove all of the options you are not going to need. Floppy support, XT hard disk, Compaq SMART2 support, and Compaq smart arrary 5xxx support can be disabled safely on most servers.
should be
-- Block devices - Remove all of the options you are not going to need. Floppy support, XT hard disk, Compaq SMART2 support, and Compaq smart array 5xxx support can be disabled safely on most servers.
and yet again
At this stage you can configure the kernel how you like it. By running "make menuconfig" you will be presented by a huge menu of options that you can try to comile into your kernel.
should be
At this stage you can configure the kernel how you like it. By running "make menuconfig" you will be presented by a huge menu of options that you can try to compile into your kernel.
lol best regards,
me :)
typo
Thanks I fixed it :)
This howto can be used even
This howto can be used even on the new kernels ... but there's only a "small" change that has to be made :)
When compiling for RHEL4 you need to compile always with module support due to dependencies of the udev RPM. If you don't use the kernel with modules it will fail to init the console.
Also, be aware that if you compile the kernel without module support (like it's given as an option in the howto) you don't need to run:
> make modules && make modules_install or mkinitrd
since it's only for non-monolithic kernels :)
Best regards,
Miguel Simões
RHEL3 / CentOS3 and 2.6 kernel
Is it possible to compile and use the 2.6 kernel for RHEL3 / CentOS3 or for RH7.3/RH9 ?
Should anything be done prior compile? After compile?
2.6 kernel
Yes it will run fine, there is a big performance boost by doing ok generally.
For some reasons RHEL3 server with no SCSI cannot boot.
Server cannot boot up with 2.6 kernel... It was built properly like we build it for other servers (which, however, have 2.6 as default).
What could be wrong?
RHEL SCSI
What controller are you using and do you have support? It should work fine if you compiled support correctly.
There is NO SCSI drive.
Actually there are just few entries at modules.conf:
alias eth0 e100
alias sound-slot-0 i810_audio
post-install sound-slot-0 /bin/aumix-minimal -f /etc/.aumixrc -L >/dev/null 2>&1 || :
pre-remove sound-slot-0 /bin/aumix-minimal -f /etc/.aumixrc -S >/dev/null 2>&1 || :
alias usb-controller usb-uhci
2.6 kernel
What does lspci show? I am interested in the drive controller, perhaps it is not getting compiled in.
lspci
00:00.0 Host bridge: Intel Corporation 82845 845 (Brookdale) Chipset Host Bridge (rev 04)
00:01.0 PCI bridge: Intel Corporation 82845 845 (Brookdale) Chipset AGP Bridge (rev 04)
00:1e.0 PCI bridge: Intel Corporation 82801 PCI Bridge (rev 05)
00:1f.0 ISA bridge: Intel Corporation 82801BA ISA Bridge (LPC) (rev 05)
00:1f.1 IDE interface: Intel Corporation 82801BA IDE U100 (rev 05)
00:1f.2 USB Controller: Intel Corporation 82801BA/BAM USB (Hub #1) (rev 05)
00:1f.3 SMBus: Intel Corporation 82801BA/BAM SMBus (rev 05)
00:1f.5 Multimedia audio controller: Intel Corporation 82801BA/BAM AC'97 Audio (rev 05)
01:00.0 VGA compatible controller: nVidia Corporation NV6 [Vanta/Vanta LT] (rev 15)
02:08.0 Ethernet controller: Intel Corporation 82801BA/BAM/CA/CAM Ethernet Controller (rev 03)
If I am upgrading from 2.6.9
If I am upgrading from 2.6.9 version (the default kernel of CentOS 4.3), do I need to install module-init-tools?
Upgrading kernel 2.6.9-1.667 to 2.6.10 and similar
Upgrading FC3 kernel 2.6.9-1.667 to 2.6.10 and compiling it
Upgrading FC3 kernel 2.6.9-1.667 to 2.6.10 and compiling it( almost same steps to upgrade to 2.6.11 and above ....note--> also check additional documentation)
#############################################################
1. First of all know what version ur kernel is
[root@Fed3 ~]# rpm -q kernel
kernel-2.6.9-1.667
Here the reply to rpm kernel query is kernel-2.6.9-1.667
So, google kernel-2.6.9-1.667.src.rpm and download it, as FC3 on installation does not have the /usr/src/linux-version source directory by default.
You can download FC3 your-kernel-ver-src.rpm from http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/SRPMS/
Install kernel-.src.rpm (given the default RPM configuration, the files this package contains will be written to /usr/src/redhat/)
2. Next issue the command
[root@Fed3 ~]#rpmbuild -bp --target=noarch /usr/src/redhat/SPECS/kernel-2.6.spec
This will create /usr/src/redhat/BUILD/kernel-2.6.9/ directory with kernel source, which will have a file... kernel-2.6.9-i686.config, required if u want to at least retain your existing kernel/device... configurations support in the new kernel(2.6.10-x.y)
3. Download the latest stable kernel source(herein 2.6.10 kernel), say linux-2.6.10.tar.bz2.
[root@Fed3 ~]#bzip2 -cd linux-2.6.10.tar.bz2 | tar xvf - -C /usr/src/
Here, /usr/src is the location where we want to put the new kernel source(u can opt alternate locations too)
[root@Fed3 ~]#cd /usr/src/linux-2.6.10/
[root@Fed3 ~]#make mrproper
[root@Fed3 ~]#uname -rm (to check if ur system architecture is i386 or i686...."did u see above the file named kernel-2.6.9-i686.config")
4. Copy kernel-2.6.9-i686.config to /usr/src/linux-2.6.10/.config
[root@Fed3 ~]#cp /usr/src/redhat/BUILD/kernel-2.6.9/linux-2.6.9/configs/kernel-2.6.9-i686.config /usr/src/linux-2.6.10/.config
[root@Fed3 ~]#make oldconfig (to retain ur previous kernel configuration support), Huh....this take lotsa time.
5. [root@Fed3 ~]#make menuconfig (Add support to new devices,cbq or u32 support, etc, etc)
6. [root@Fed3 ~]#make all
7. [root@Fed3 ~]#make modules_install
8. [root@Fed3 ~]# make install
9. Edit grub.conf (/boot/grub/grub.conf)
[root@Fed3 ~]#vi /boot/grub/grub.conf
####### grub.conf after compilation################
# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE: You have a /boot partition. This means that
# all kernel and initrd paths are relative to /boot/, eg.
# root (hd0,0)
# kernel /vmlinuz-version ro root=/dev/hdc2
# initrd /initrd-version.img
#boot=/dev/hdc
default=1
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title Fedora Core (2.6.10)
root (hd0,0)
kernel /vmlinuz-2.6.10 ro root=LABEL=/1 rhgb quiet
initrd /initrd-2.6.10.img
title Fedora Core (2.6.9-1.667)
root (hd0,0)
kernel /vmlinuz-2.6.9-1.667 ro root=LABEL=/1 rhgb quiet
initrd /initrd-2.6.9-1.667.img
In the above file...just change the default=1 value to default=0, so that your new,shiny kernel becomes the default boot kernel......Like this->
######### New grub.conf###############
# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE: You have a /boot partition. This means that
# all kernel and initrd paths are relative to /boot/, eg.
# root (hd0,0)
# kernel /vmlinuz-version ro root=/dev/hdc2
# initrd /initrd-version.img
#boot=/dev/hdc
default=0
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title Fedora Core (2.6.10)
root (hd0,0)
kernel /vmlinuz-2.6.10 ro root=LABEL=/1 rhgb quiet
initrd /initrd-2.6.10.img
title Fedora Core (2.6.9-1.667)
root (hd0,0)
kernel /vmlinuz-2.6.9-1.667 ro root=LABEL=/1 rhgb quiet
initrd /initrd-2.6.9-1.667.img
10. Reboot your linux box .... It will ask you to choose which kernel to boot (default 5 secs time)...or maybe u can give a tab, after a few seconds of startup to open and choose the kernel boot menu.
Thats it..... Everybody should use the above steps at his own risk....although the author has successfully compiled and upgraded the 2.6 kernel with the above steps...he cannot guarantee successful implementation.
RHEL3 2.6.24 successful install
I just want to add that I've successfully compiled latest stable 2.6.24.4 kernel on RHEL3. Everything went smooth by following this article, thanks eth00 ^^