The Grsecurity project
The grsecurity project, hosted on http://grsecurity.net, provides various patches to the Linux kernel which enhance a system’s overall security. The various features brought by grsecurity are discussed in the next chapter; a comprehensive list is maintained on the grsecurity features page itself.
As grsecurity’s features are mostly kernel-based, the majority of this document explains the various kernel features and their respective sysctl operands (if applicable).
这是一种被用于加固内核的一个补丁，具体的features请查阅本文后的 References 模块
#Prerequisites: git clone https://github.com/ChizuruAmamiya/ubuntu-linux-grsecurity.git cd ubuntu-linux-grsecurity sudo apt install libncurses5-dev build-essential kernel-package git-core gcc gcc-5-plugin-dev make libssl-dev lintian # Import Brad Spengler's GPG key which is needed for validation of the grsecurity patches. wget https://grsecurity.net/spender-gpg-key.asc gpg --import spender-gpg-key.asc # Import the Linux stable GPG key which is required for validation of Linux Kernel. gpg --recv 6092693E # Build linux-grsecurity_<version>.deb fakeroot make ##非root环境 make ##root环境