7.3. Securing the kernel

The secure Linux kernel patches from the Openwall Project are a great way to help protect against attacks such as stack buffer overflows, among others. The Openwall patch is a collection of security-related features for the Linux kernel, all configurable via a new Security options section that is added to your kernel configuration. The patch changes from kernel version to kernel version, and some releases also contain other security fixes.

New features of patch version linux-2_2_14-ow2_tar.gz are:

  • Non-executable user stack area

  • Restricted links in /tmp

  • Restricted FIFOs in /tmp

  • Restricted /proc

  • Special handling of fd 0, 1, and 2

  • Enforce RLIMIT_NPROC on execve(2)

  • Destroy shared memory segments not in use

Important: When applying the linux-2_2_14-ow2 patch, a new Security options section is added at the end of your kernel configuration. For more information on, and a description of, the different features available with this patch, see the README file that comes with the source code of the patch.

Applying the patch
             [root@deep] /# cp linux-2_2_14-ow2_tar.gz /usr/src/                       (1)
             [root@deep] /# cd /usr/src/                                               (2)
             [root@deep] /src# tar xzpf linux-2_2_14-ow2_tar.gz                        (3)
             [root@deep] /src# cd linux-2.2.14-ow2/                                    (4)
             [root@deep] /linux-2.2.14-ow2# mv linux-2.2.14-ow2.diff /usr/src/         (5)
             [root@deep] /linux-2.2.14-ow2# cd ..                                      (6)
             [root@deep] /src# patch -p0 < linux-2.2.14-ow2.diff                       (7)
             [root@deep] /src# rm -rf linux-2.2.14-ow2                                 (8)
             [root@deep] /src# rm -f linux-2.2.14-ow2.diff                             (9)
             [root@deep] /src# rm -f linux-2_2_14-ow2_tar.gz                           (10)


(1)
First we copy the patch archive to the /usr/src directory,
(2)
then we move to the /usr/src directory
(3)
and decompress the linux-2_2_14-ow2_tar.gz archive.
(4)(5)
We then move into the newly uncompressed patch directory and move the file linux-2.2.14-ow2.diff, which contains the patch, to /usr/src.
(6)(7)
We return to /usr/src and patch our kernel tree with the file linux-2.2.14-ow2.diff (the paths inside the diff start with linux/, which is why it is applied from /usr/src with -p0).
(8)(9)(10)
Afterwards, we remove all files related to the patch.
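The ten steps above, gathered into one shell function with the checks a careful administrator adds before touching a kernel tree. This is an added example, not code from the guide or from the Openwall Project: the function name apply_kernel_patch, its parameters, and the miniature "kernel tree" and patch archive that the demo constructs (a two-line Makefile whose EXTRAVERSION the diff sets to -ow2) are all assumptions made here so that the script runs without a real 2.2.14 source tree. It unpacks the archive into a scratch directory rather than next to the kernel, runs patch in dry-run mode first, and only applies and cleans up when the dry run succeeds, so a diff that does not match the tree leaves it untouched.

```shell
#!/bin/sh
# Added example (not from the original guide): the guide's ten-step procedure
# as one function with safety checks. Names, paths and the demo tree are
# assumptions; nothing here is the real Openwall patch.
set -eu

# apply_kernel_patch ARCHIVE SRCDIR DIFFNAME
#   ARCHIVE  - tarball holding the patch directory (the guide's linux-2_2_14-ow2_tar.gz)
#   SRCDIR   - directory containing the kernel tree as SRCDIR/linux (the guide's /usr/src)
#   DIFFNAME - name of the .diff inside the archive (the guide's linux-2.2.14-ow2.diff)
# Returns 0 when applied, 1 when the archive or diff is missing, 2 when the
# dry run shows the diff does not apply cleanly (SRCDIR is left untouched).
apply_kernel_patch() {
    archive=$1; srcdir=$2; diffname=$3
    [ -f "$archive" ] || { echo "archive not found: $archive" >&2; return 1; }

    # Unpack into a scratch directory instead of SRCDIR so a bad archive
    # cannot scatter files next to the kernel tree (steps 3-5 of the guide).
    scratch=$(mktemp -d)
    tar xzpf "$archive" -C "$scratch"
    difffile=$(find "$scratch" -type f -name "$diffname" | head -n 1)
    if [ -z "$difffile" ]; then
        echo "no $diffname inside $archive" >&2
        rm -rf "$scratch"
        return 1
    fi

    # Dry run first: a diff that applies only partially leaves a tree that is
    # neither the vendor kernel nor the hardened one. The diff's paths start
    # with linux/, so patch runs from SRCDIR with -p0, as in step 7.
    if ! (cd "$srcdir" && patch -p0 --dry-run < "$difffile" > /dev/null); then
        echo "dry run failed, $srcdir left untouched" >&2
        rm -rf "$scratch"
        return 2
    fi

    # Real application (step 7), then removal of everything unpacked (steps 8-10).
    (cd "$srcdir" && patch -p0 < "$difffile" > /dev/null)
    rm -rf "$scratch"
    return 0
}

# make_demo_tree BASE
# Builds BASE/src/linux/Makefile and BASE/linux-2_2_14-ow2_tar.gz whose diff
# sets EXTRAVERSION to -ow2. Both are constructed stand-ins for the demo.
make_demo_tree() {
    base=$1
    mkdir -p "$base/src/linux" "$base/pkg/linux-2.2.14-ow2"
    printf '%s\n' 'VERSION = 2.2.14' 'EXTRAVERSION =' > "$base/src/linux/Makefile"
    printf '%s\n' \
        '--- linux/Makefile' \
        '+++ linux/Makefile' \
        '@@ -1,2 +1,2 @@' \
        ' VERSION = 2.2.14' \
        '-EXTRAVERSION =' \
        '+EXTRAVERSION = -ow2' \
        > "$base/pkg/linux-2.2.14-ow2/linux-2.2.14-ow2.diff"
    tar czf "$base/linux-2_2_14-ow2_tar.gz" -C "$base/pkg" linux-2.2.14-ow2
}

# extraversion SRCDIR - prints the EXTRAVERSION value of SRCDIR/linux/Makefile
extraversion() {
    sed -n 's/^EXTRAVERSION = *//p' "$1/linux/Makefile"
}

# Demo on the constructed tree; needs the patch(1) utility to be installed.
if command -v patch > /dev/null 2>&1; then
    demo=$(mktemp -d)
    make_demo_tree "$demo"
    apply_kernel_patch "$demo/linux-2_2_14-ow2_tar.gz" "$demo/src" linux-2.2.14-ow2.diff
    echo "EXTRAVERSION after patching: $(extraversion "$demo/src")"
    rm -rf "$demo"
fi
```

On a real system the call would be `apply_kernel_patch /usr/src/linux-2_2_14-ow2_tar.gz /usr/src linux-2.2.14-ow2.diff`; the return code tells you whether the tree was modified, which matters because steps 8-10 of the guide delete the patch files whether or not step 7 succeeded.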

Tip: All security messages related to the linux-2.2.14-ow2 patch, like the non-executable stack part, should be logged to the log file /var/log/messages.

The step of patching your new kernel is completed. Now follow the rest of this installation to build the Linux kernel and reboot.

Published under the terms of the Open Publication License