Skip to content

Instantly share code, notes, and snippets.

@mdeous

mdeous/ubuntu_grsec.md

Created October 29, 2015 10:57
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save mdeous/82c3ee9dd38ad69ec9e6 to your computer and use it in GitHub Desktop.
Save mdeous/82c3ee9dd38ad69ec9e6 to your computer and use it in GitHub Desktop.
Download ZIP
Ubuntu Grsecurity Kernel
Raw
ubuntu_grsec.md

Ubuntu Grsecurity Kernel

  • Ubuntu 14.04 (trusty)
  • Grsecurity 3.1-3.14.54-201510130857

Sources & Dependencies

  • Linux kernel sources and build dependencies
wget https://www.kernel.org/pub/linux/kernel/v3.x/linux-3.14.54.tar.xz
sudo apt-get build-dep --no-install-recommends linux-image-$(uname -r)
  • Ubuntu kernel overlay
git clone git://kernel.ubuntu.com/ubuntu/ubuntu-trusty.git
cp -a /usr/share/kernel-package ubuntu-package
cp ubuntu-trusty/debian/control-scripts/{postinst,postrm,preinst,prerm} ubuntu-package/pkg/image/
cp ubuntu-trusty/debian/control-scripts/headers-postinst ubuntu-package/pkg/headers/
  • Grsecurity patch (requires to be a Grsec customer/sponsor as the stable releases are no longer publicly available)
https://grsecurity.net/download-restrict/download-redirect.php?file=grsecurity-3.1-3.14.56-201510282003.patch

Compilation

  • Extract kernel sources and apply Grsecurity patch
tar xf linux-3.14.56.tar.xz
cd linux-3.14.56
patch -p1 < ../grsecurity-3.1-3.14.54-201510130857.patch
  • Configure Grsecurity and custom kernel options
make menuconfig
  • Compile
export CONCURRENCY_LEVEL="$(grep -c '^processor' /proc/cpuinfo)"
make-kpkg clean
sudo make-kpkg --initrd --append-to-version=-grsec --overlay-dir=../ubuntu-package kernel_image kernel_headers

Install

  • Install freshly built .deb packages
cd ..
sudo dpkg -i linux-*.deb
  • Reboot
  • Pray
@damoahdominic
Copy link

Wow. Impressive. I will sure say a word of prayer after that

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment