Securing-Optimizing-RH-Linux-1_2_78
Comments and suggestions concerning this book should be mailed to gmourani@videotron.ca
© Copyright 1999-2000 Gerhard Mourani and Open Network Architecture ®
78
Secure Linux Kernel Patches Homepage: http://www.openwall.com/linux/
You must be sure to download: linux-2_2_14-ow2_tar.gz
Making an emergency boot floppy
The first pre-install step is to make an emergency boot floppy. Linux has a small utility named
mkbootdisk to simply do this. The first step is to find out what kernel version, you are currently
using. Check out your /etc/lilo.conf file and see which image was booted from and from this
image we can find the kernel version we need to make our emergency boot floppy. On my
example, I have the following in the lilo.conf file.
[root@deep /]# cat /etc/lilo.conf
boot=/dev/sda
map=/boot/map
install=/boot/boot.b
prompt
timeout=50
image=/boot/vmlinuz-2.2.12-20
the kernel version
label=linux
the image we booted from
root=/dev/sda6
initrd=/boot/initrd-2.2.12-20.img
read-only
Now youll need to find the image that you booted from. On a standard new first installed, it will be
the one-labeled linux. In the above example we show that the machine booted using the
/boot/vmlinuz-2.2.12-20 original kernel version of the system. Now we simply need to put a
formatted 1.44 floppy in our system and execute the following command as root:
[root@deep /]# mkbootdisk --device /dev/fd0 2.2.12-20
Insert a disk in /dev/fd0. Any information on the disk will be lost.
Press <Enter> to continue or ^C to abort:
Following these guidelines, you will now have a boot floppy with a known working kernel in case
of problems with the upgrade. I recommend rebooting the system with the floppy to make sure
that the floppy works correctly.
Optimization
Step 1
Decompress the tarball (tar.gz).
[root@deep /]# cp linux-version_tar.gz /usr/src/
[root@deep /]# cd /usr/src/
[root@deep src]# rm -rf linux (This is a symbolic link)
[root@deep src]# rm -rf linux-2.2.xx (This is your actual directory of kernel header files)
NOTE: The steps above of removing the Linux symbolic link (rm -rf linux) and Linux kernel headers
directory (linux-2.2.xx), are require only if you already have installed a Linux kernel with a tar
archive before. If it is a first, fresh install of Linux kernel, then instead uninstall the kernel-
headers-version.i386.rpm, kernel-version.i386.rpm package that must be on your system and the
symbolic link (/usr/src/linux) for the Linux kernel will be automatically removed with all it related
modules files (/lib/modules/2.2.xx) and it kernel headers directory (/usr/src/linux-2.2.xx).
If the original kernels RPM package are installed on your system instead of the Linux kernel tar
archive, because you have just finished to install your new Linux system, or have using a RPM