A few GrSecurity Questions

Portal Home > Knowledgebase > Articles Database > A few GrSecurity Questions

Posted by Calue, 10-22-2012, 03:19 PM
I'm kind of new to this whole GrSecurity thing and have a few question. I have a CentOS 5 Dedicated Server, can I use the 2.6.32.60 kernel + GrSec patch on it? Will I be able to create an XEN Kernel for HVM using the 2.6.32.60 kernel then apply grsec patch? Should I use GrSec on my Hosting, VPS and SolusVM Master server? Is there an easier way to configure the new kernel? I have tried copying the config over from the old kernel but the server fails to boot (kernel panic somewhere?) currently I am stuck with editing it by hand. Any help would be greatly appreciated.
Posted by BestServerSupport, 10-23-2012, 09:22 AM
I would suggest giving grsec a try on a test VM first rather than in production environment directly. By this way, you will get a feel for how it's set up. Doing the "trial and error" thing on a production box is never going to be fun!
Posted by TravisT-[SSS], 10-23-2012, 09:23 AM
GRSecurity is a trial and error kernel. It effects how everything is ran. Which means you need to understand the options and how they work and enable them in blocks and see what breaks.
Posted by Calue, 10-23-2012, 12:25 PM
Well my main problem is it just not booting at all, I cant seem to get it working tbh. I think it was because the first few times i copied the config from a 2.6.32-279 kernel so maybe there is a difference in config. Would you suggest it is ok to run hosting and VPS hosting without it? My first idea was to get grsec done ASAP, so if anything goes wrong I can deal with it easily as we have not started selling yet.
Posted by TravisT-[SSS], 10-23-2012, 12:28 PM
How are you configuring and compiling the kernel? Did you use make oldconfig?
Posted by Calue, 10-23-2012, 01:28 PM
No, i just used make menuconfig. Should i try make oldconfig?
Posted by TravisT-[SSS], 10-23-2012, 01:46 PM
I would do a make oldconfig first and see how that goes. We have followed that style and have not had problems with the kernel change.
Posted by Calue, 10-23-2012, 06:19 PM
Going to give that a go, will report back. Any idea if i can do this on Xen HVM kernels too?
Posted by Calue, 10-23-2012, 06:35 PM
Another question, can i just click enter trough the Y/N/? options of make menuconfig or do i have to select each one?
Posted by TravisT-[SSS], 10-23-2012, 06:59 PM
Yes, you can. You can hold down the enter key. What you are seeing are the differences. The GRSec options are at the bottom so depending on the version differences it could be a long way down. Once done, you can then follow up with make menuconfig and edit the config.
Posted by Calue, 10-23-2012, 07:56 PM
Getting this error on "make BzImage" grsecurity/gracl.c: In function â__do_handle_createâ: grsecurity/gracl.c:2779: error: âinoâ undeclared (first use in this function) grsecurity/gracl.c:2779: error: (Each undeclared identifier is reported only once grsecurity/gracl.c:2779: error: for each function it appears in.) make[1]: *** [grsecurity/gracl.o] Error 1
Posted by TravisT-[SSS], 10-23-2012, 08:08 PM
This a clean vanilla kernel that the patch was applied to?
Posted by Calue, 10-23-2012, 08:23 PM
2.6.32.60 kernel I had just downloaded from kernels.org