hardening your kernel

so let’s say you rent a server and you want to up the bar on security.

you might want to use GRSecurity that is a patch on top of linux kernel that does not have enough users but provides things that windows has when it comes to having better security with they way memory is managed. That is probably bad way of describing it but let’s say windows has things like ASR and then when you put this patch on linux it has something like that also.¬†For details consult their page. Features that it has are desirable comodity because they remove an entire classes of malicious things that can happen to your computer.

here is how to have centos 7 patched


#install dependencies
yum groupinstall -y “Development Tools”
yum install -y bc
yum install -y openssl-devel
yum install -y gcc-plugin-devel
yum install -y ncurses-devel

#download and patch kernel
cd /tmp
wget https://cdn.kernel.org/pub/linux/kernel/v4.x/linux-4.2.4.tar.xz
tar -xf linux-4.2.4.tar.xz -C /usr/src/
cd /usr/src/linux-4.2.4
wget https://grsecurity.net/test/grsecurity-3.1-4.2.4-201510222059.patch
patch -p1 < grsecurity-3.1-4.2.4-201510222059.patch

#make configuration and install
#here you can tupe make menuconfig and make sure to enable GRSecurity in your config
make oldconfig
make modules_install install
once you restart the server type “uname -r” and if it shows the new kernel with grsec string in it then it means it is ok if not check whether your config has the grsecurity enabled

Leave a Comment