grsecurity kernel help/questions

General support questions
Post Reply
CBG
Posts: 2
Joined: 2014/04/17 20:01:15

grsecurity kernel help/questions

Post by CBG » 2014/04/17 20:06:07

Hi,.

I have a unmanaged cPanel/WHM VPS, which is running vmware, with CentOS 6.5.
I installed the CentOS kerenel using yum, so I could get ConfigServer Firewall.

I would like to setup a grsecurity kernel and would like some advice

wget http://www.kernel.org/pub/linux/kernel/ ... .57.tar.gz
wget http://grsecurity.net/stable/grsecurity ... 1252.patch

tar -xf linux-3.2.57.tar
cd linux-3.2.57
patch -p1 < ../grsecurity-3.0-3.2.57-201404131252.patch

make menuconfig


1. Is the above correct

2. Can I download the 2 files anywhere on the VPS?

3. Once I have patched and configure it, do I move it to the /boot/ folder?

4. Is it just the 1 file I need to move tot he boot folder?

5. Do I then config the grub.conf file like the below

Code: Select all

default=0
timeout=5

        title linux centos6-cpanel11_64
        kernel /boot/kernel_filename_here root=/dev/sda1  ro
        root (hd0,0)
6. If I need to add more modules to the kernel, do I just run menu makeconfig to change it and copy it to the /boot/ folder?

If you have any advice or help, that would be great.
Last edited by CBG on 2014/04/17 20:33:32, edited 1 time in total.
Top
User avatar
TrevorH
Site Admin
Posts: 33220
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: grsecurity kernel help/questions

Post by TrevorH » 2014/04/17 20:16:28

The CentOS kernel already includes selinux and I believe that that is incompatible with grsecurity. You have to have one or the other not both and since CentOS has already chosen selinux and all the tooling is geared around it, why are you trying to change?
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Top
gerald_clark
Posts: 10642
Joined: 2005/08/05 15:19:54
Location: Northern Illinois, USA

Re: grsecurity kernel help/questions

Post by gerald_clark » 2014/04/17 20:18:31

CentOS uses selinux, not grsecurity.
We do not support cPaneled machines. They replace so much of CentOS with their own compiled software that it is no longer CentOS
and CentOS advice will likely break it even more.
You must go to cPanel for support.
Top
CBG
Posts: 2
Joined: 2014/04/17 20:01:15

Re: grsecurity kernel help/questions

Post by CBG » 2014/04/17 20:26:19

TrevorH wrote:The CentOS kernel already includes selinux and I believe that that is incompatible with grsecurity. You have to have one or the other not both and since CentOS has already chosen selinux and all the tooling is geared around it, why are you trying to change?
It had a custom grs kernel before, not installed by me, but by OVH, and I install the CentOS version to get CSF working, which is has.
I would like to go back to a grs kernel
gerald_clark wrote:CentOS uses selinux, not grsecurity.
We do not support cPaneled machines. They replace so much of CentOS with their own compiled software that it is no longer CentOS
and CentOS advice will likely break it even more.
You must go to cPanel for support.
Ok thank you
Top
Post Reply

Return to “CentOS 6 - General Support”