You must have followed an old or incorrect URL. P

Please use the search function if you are still looking for something.

How-To: Compile a monolithic 2.6.9 kernel with grsecurity

This guide was designed for the ev1 configurated poweredge servers. I have tested it on the the 2.0 and 2.4 Ghz Xeons, and 2.0 Ghz celeron. It should also work fine with the P4 2.0 Ghz + but I have personally not tested one yet. I do not have any plans to test this kernel on any older systems though as long as they network card support is built in it will probably work. I started this as a project to increase the performance and security of my servers. The 2.6.x kernel has many improvements that have dramatically dropped the load on the servers I have tested this on so far. In addition to that the kernel does not support loadable modules, the definiation of monolithic, which removes one method of possible vulnerabilities as well as more efficient. Though there are no studies directly linking grsecurity to increased security it only adds additional security to your system with very few negative drawbacks. I think that is worth the extra time to configure in grsecurity in the chance that it may possibly block a possible cracker.

How-To: Compile a 2.6.9 Kernel

This guide is to be used completely at your own risk! It was designed with an ev1 dual xeon hardware configuration in mind but will also work on some of the P4 modals. I am not going to try and support every possible hardware combination. I started this because I wanted a kernel for my own use but decided to share my work. Upgrading a kernel from rpm is easy and doing it as i have below is pretty easy as I have already done much of the hard configuration work. I was able to use the following guide on multiple servers with no problem and I know that it works. The key that makes this much easier is that you are using the .config file I have already created which contains all of the variables and configuration options. If you would like to view the .config file and offer any input please feel free! I have a little experience with compiling kernels but I am sure there are a few more things here and there I can remove.

*********************WARNING********************



This guide is no longer going to be updated as it is too large and complex to maintain. Instead all of the other guides on the right will continue to be updated. I am going to leave it up just because some people still look at it for a general idea of what to do with a new server. I would suggest that you not actually follow these directions as the versions may be old.


First and foremost I want to say that this is not going to make your server 100% cracker proof, there is always a possibility that somebody will find a way in. I have listed a lot of things you can do to protect your server and that will help you secure it. While securing your server you have to find a median between what is secure and what restricts your clients or websites. You can easily make your server 100% secure from remote attacks by unplugging the ethernet cable, but chances are you will not get much good with it. This is not a complete guide and I will update it when I find time or it needs it. Overall it is a very good start and it is probably more then most servers have.

If you have any problems with the guide please post them and I will try and help/update the guide. I have not included everything you can do but it is a very good start. If you need somebody to secure server please feel free to private message or email me.