Kernel upgrading

RPM Kernel Upgrade

This is a very simple guide meant for people unfamiliar with upgrading kernels on a Linux system. It is fairly simple to follow and I have done this on many servers, so if you take your time and read through it you should have no problem. I take no responsibility if something goes wrong on your server because of this! This guide is formatted for a RHEL server, but if you understand the concept it can be applied to any RPM kernel.

Updated August with new versions


The kernel versions are constantly changing so this guide may fall out of date from time to time. The important thing to remember is when you are doing the up2date --download simply look at the version that is downloaded. That is going to be the latest version and in turn the version you want to install and boot to. RHEL or CentOS 5 follow the same basic method.



Compiling 2.6.10 Kernel + Grsecurity

How-To: Compile a monolithic 2.6.10 kernel with grsecurity and secfix patch



Note: 2.6.10 is an old version of the kernel; however, this guide will work with the latest 2.6.11.7 and grsecurity if you get those instead of the files described. If you go that route, the patch described below for a specific vulnerability is not required.


This guide was designed for the ev1-configured PowerEdge servers. I have tested it on the 2.0 and 2.4 GHz Xeons, and the 2.0 and 3.0 GHz Celeron. It should also work fine with the P4 2.0 GHz and up, but I have personally not tested one yet. I do not have any plans to test this kernel on any older systems, though as long as their network card support is built in it will probably work. If you post here with specific problems on boot I can try to add the needed modules to my config. I started this as a project to increase the performance and security of my servers. The 2.6.x kernel has many improvements that have dramatically dropped the load on the servers I have tested this on so far. In addition to that, the kernel does not support loadable modules (the definition of monolithic), which removes one possible avenue for vulnerabilities and is also more efficient. Though there are no studies directly linking grsecurity to increased security, it only adds additional security to your system with very few negative drawbacks. I think it is worth the extra time to configure in grsecurity on the chance that it may block a possible cracker.

This kernel is patched against the following vulnerability: http://www.isec.pl/vulnerabilities/isec-0021-uselib.txt. This is the root-level exploit that was released January 7th. It is *HIGHLY* suggested that you upgrade ASAP. This particular exploit, along with a worm much like the phpBB worm, could be disastrous, yielding full root access.

Updated Feb 6th for instructions on updating grub
Updated Feb 2nd for rpm problems with RH9

2.6.10 + Grsecurity


Grsecurity is a set of patches and options that works to help increase the security of a server at the kernel level. Here is a very basic guide to downloading it and patching your kernel. This guide is meant to be used alongside my generic 2.6.10 kernel guide if you are not familiar with the process of compiling a kernel. It can also be adapted to the latest 2.6.11.7 kernel and grsecurity version just fine.


Compiling a generic 2.6.10 Kernel

How-To: Compile and configure a 2.6.10 kernel



Note: 2.6.10 is an old version of the kernel; however, this guide will work with the latest 2.6.11.7 and grsecurity if you get those instead of the files described. If you go that route, the patch described below for a specific vulnerability is not required.

My previous guides use a very specific config file that only works for a few different servers. This guide is meant to be a lot more generic and should work on more servers. I have taken the default config from a Red Hat 2.4 kernel and kept all the driver configuration. I have removed the extra support, such as USB and sound, that is not needed on a server. I also explain how to remove some of the drivers that are not necessary, such as SCSI/IDE support, depending on what type of drives you have. If you do not want to deal with menuconfig you can simply compile it and not configure it. I hope that this guide will help alleviate some of the problems with segfaulting that some of the configurations have. If you would like to compile in grsecurity, please follow my 2.6.10 grsecurity guide.

This guide has taken me a long time to create. If you have used it, please consider donating :) With that being said, good luck with compiling your new kernel.
