HostedDB - Dedicated UNIX Servers

Securing-Optimizing-RH-Linux-1_2_78
Comments and suggestions concerning this book should be mailed to gmourani@videotron.ca © Copyright 1999-2000 Gerhard Mourani and Open Network Architecture ® 78 Secure Linux Kernel Patches Homepage: http://www.openwall.com/linux/ You must be sure to download: linux-2_2_14-ow2_tar.gz Making an emergency boot floppy The first pre-install step is to make an emergency boot floppy. Linux has a small utility named “mkbootdisk” to simply do this. The first step is to find out what kernel version, you are currently using. Check out your “/etc/lilo.conf” file and see which image was booted from and from this image we can find the kernel version we need to make our emergency boot floppy. On my example, I have the following in the lilo.conf file. [root@deep /]# cat /etc/lilo.conf boot=/dev/sda map=/boot/map install=/boot/boot.b prompt timeout=50 image=/boot/vmlinuz-2.2.12-20 the kernel version label=linux the image we booted from root=/dev/sda6 initrd=/boot/initrd-2.2.12-20.img read-only Now you’ll need to find the image that you booted from. On a standard new first installed, it will be the one-labeled linux. In the above example we show that the machine booted using the “/boot/vmlinuz-2.2.12-20” original kernel version of the system. Now we simply need to put a formatted 1.44 floppy in our system and execute the following command as root: [root@deep /]# mkbootdisk --device /dev/fd0 2.2.12-20 Insert a disk in /dev/fd0. Any information on the disk will be lost. Press <Enter> to continue or ^C to abort: Following these guidelines, you will now have a boot floppy with a known working kernel in case of problems with the upgrade. I recommend rebooting the system with the floppy to make sure that the floppy works correctly. Optimization Step 1 Decompress the tarball (tar.gz). [root@deep /]# cp linux-version_tar.gz /usr/src/ [root@deep /]# cd /usr/src/ [root@deep src]# rm -rf linux (This is a symbolic link) [root@deep src]# rm -rf linux-2.2.xx (This is your actual directory of kernel header files) NOTE: The steps above of removing the Linux symbolic link (rm -rf linux) and Linux kernel headers directory (linux-2.2.xx), are require only if you already have installed a Linux kernel with a tar archive before. If it is a first, fresh install of Linux kernel, then instead uninstall the kernel- headers-version.i386.rpm, kernel-version.i386.rpm package that must be on your system and the symbolic link (/usr/src/linux) for the Linux kernel will be automatically removed with all it related modules files (/lib/modules/2.2.xx) and it kernel headers directory (/usr/src/linux-2.2.xx). If the original kernels RPM package are installed on your system instead of the Linux kernel tar archive, because you have just finished to install your new Linux system, or have using a RPM