给Ubuntu编译Grsecurity加固过的内核

首先我们需要了解一下,到底什么是Grsecurity, Grsecurity有什么用?

The Grsecurity project
The grsecurity project, hosted on http://grsecurity.net, provides various patches to the Linux kernel which enhance a system’s overall security. The various features brought by grsecurity are discussed in the next chapter; a comprehensive list is maintained on the grsecurity features page itself.

As grsecurity’s features are mostly kernel-based, the majority of this document explains the various kernel features and their respective sysctl operands (if applicable).

这是一种被用于加固内核的一个补丁,具体的features请查阅本文后的 References 模块

#Prerequisites:
git clone https://github.com/ChizuruAmamiya/ubuntu-linux-grsecurity.git
cd ubuntu-linux-grsecurity
sudo apt install libncurses5-dev build-essential kernel-package git-core gcc gcc-5-plugin-dev make libssl-dev lintian

# Import Brad Spengler's GPG key which is needed for validation of the grsecurity patches.

wget https://grsecurity.net/spender-gpg-key.asc
gpg --import spender-gpg-key.asc

# Import the Linux stable GPG key which is required for validation of Linux Kernel.
gpg --recv 6092693E

# Build linux-grsecurity_<version>.deb
fakeroot make ##非root环境
make ##root环境

References:
https://wiki.gentoo.org/wiki/Hardened/Grsecurity2_Quickstart
http://grsecurity.net/
http://grsecurity.net/PaX-presentation_files/frame.htm
http://pax.grsecurity.net/
https://github.com/dolanjs/ubuntu-grsec

anyShare分享到:

0 条评论

昵称

沙发空缺中,还不快抢~