Securing-Optimizing-RH-Linux-1_2_86
Comments and suggestions concerning this book should be mailed to gmourani@videotron.ca
© Copyright 1999-2000 Gerhard Mourani and Open Network Architecture ®
/dev/pts filesystem for Unix98 PTYs (CONFIG_DEVPTS_FS) [Y/n/?]
ROM filesystem support (CONFIG_ROMFS_FS) [N/y/?]
Second extended fs support (CONFIG_EXT2_FS) [Y/n/?]
System V and Coherent filesystem support (CONFIG_SYSV_FS) [N/y/?]
UFS filesystem support (CONFIG_UFS_FS) [N/y/?]
Network File Systems
Coda filesystem support (advanced network fs) (CONFIG_CODA_FS) [N/y/?]
NFS filesystem support (CONFIG_NFS_FS) [Y/n/?] N
SMB filesystem support (to mount WfW shares etc.) (CONFIG_SMB_FS) [N/y/?]
NCP filesystem support (to mount NetWare volumes) (CONFIG_NCP_FS) [N/y/?]
Partition Types
BSD disklabel (BSD partition tables) support (CONFIG_BSD_DISKLABEL) [N/y/?]
Macintosh partition map support (CONFIG_MAC_PARTITION) [N/y/?]
SMD disklabel (Sun partition tables) support (CONFIG_SMD_DISKLABEL) [N/y/?]
Solaris (x86) partition table support (CONFIG_SOLARIS_X86_PARTITION) [N/y/?]
Console drivers
VGA text console (CONFIG_VGA_CONSOLE) [Y/n/?]
Video mode selection support (CONFIG_VIDEO_SELECT) [N/y/?]
Sound
Sound card support (CONFIG_SOUND) [N/y/?]
(Security options will appear only if you have patched your kernel with the Openwall Project patch.)
Security options
Non-executable user stack area (CONFIG_SECURE_STACK) [Y]
Autodetect and emulate GCC trampolines (CONFIG_SECURE_STACK_SMART) [Y]
Restricted links in /tmp (CONFIG_SECURE_LINK) [Y]
Restricted FIFOs in /tmp (CONFIG_SECURE_FIFO) [Y]
Restricted /proc (CONFIG_SECURE_PROC) [N] Y
Special handling of fd 0, 1, and 2 (CONFIG_SECURE_FD_0_1_2) [Y]
Enforce RLIMIT_NPROC on execve(2) (CONFIG_SECURE_RLIMIT_NPROC) [Y]
Destroy shared memory segments not in use (CONFIG_SECURE_SHM) [N] Y
Kernel hacking
Magic SysRq key (CONFIG_MAGIC_SYSRQ) [N/y/?]
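The answers in the listing above can be checked against the saved configuration file before building. The shell functions below are an added example, not part of the original book; they assume the configuration was written to a .config file in which enabled options read CONFIG_X=y and disabled ones read "# CONFIG_X is not set", and the names option_state and audit_kernel_config are made up for this example.

```shell
#!/bin/sh
# Added example: audit a kernel .config against the answers in the listing above.
# Enabled options appear as "CONFIG_X=y"; disabled ones as "# CONFIG_X is not set".
EXPECT_ON="CONFIG_SECURE_STACK CONFIG_SECURE_STACK_SMART CONFIG_SECURE_LINK
CONFIG_SECURE_FIFO CONFIG_SECURE_PROC CONFIG_SECURE_FD_0_1_2
CONFIG_SECURE_RLIMIT_NPROC CONFIG_SECURE_SHM"
EXPECT_OFF="CONFIG_NFS_FS CONFIG_SMB_FS CONFIG_NCP_FS CONFIG_CODA_FS CONFIG_MAGIC_SYSRQ"

# Print y, m or n (n = absent or "is not set") for option $1 in file $2.
option_state() {
    val=$(sed -n "s/^$1=\([ym]\)\$/\1/p" "$2" | tail -n 1)
    echo "${val:-n}"
}

# Print one line per mismatch; return 0 if clean, 1 on mismatch, 2 if unreadable.
audit_kernel_config() {
    cfg=$1
    bad=0
    [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; return 2; }
    for opt in $EXPECT_ON; do
        st=$(option_state "$opt" "$cfg")
        if [ "$st" != y ]; then
            echo "MISSING  $opt (found: $st, expected: y)"
            bad=1
        fi
    done
    for opt in $EXPECT_OFF; do
        st=$(option_state "$opt" "$cfg")
        if [ "$st" != n ]; then
            echo "ENABLED  $opt (found: $st, expected: not set)"
            bad=1
        fi
    done
    return $bad
}

# Demo on a constructed .config fragment (not from a real system).
demo_cfg=$(mktemp)
cat > "$demo_cfg" <<'EOF'
CONFIG_EXT2_FS=y
CONFIG_NFS_FS=y
# CONFIG_MAGIC_SYSRQ is not set
CONFIG_SECURE_STACK=y
CONFIG_SECURE_LINK=y
# CONFIG_SECURE_PROC is not set
EOF
audit_kernel_config "$demo_cfg" || echo "config differs from the listing"
rm -f "$demo_cfg"
```

If every CONFIG_SECURE_* option is reported as MISSING, the Openwall patch was most likely not applied to the source tree, since those prompts exist only in a patched kernel.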
Now, return to the /usr/src/linux/ directory (if you are not already there). You need to compile the
new kernel. You do so by using the following command:
[root@deep linux]# make dep; make clean; make bzImage
This line contains three commands in one. The first one, make dep, takes your
configuration and builds the corresponding dependency tree. This process determines what gets
compiled and what doesn't. The next step, make clean, erases all traces of any previous compilation
so as to avoid any mistakes about which version of a feature gets tied into the kernel. Finally, make
bzImage does the full compilation of the kernel.
After the process is complete, the kernel is compressed and ready to be installed on your system.
Before we can install the new kernel, we must know whether we need to compile the corresponding
modules. This is required only if you said Yes to "Enable loadable module support"
(CONFIG_MODULES) and have compiled some options in the kernel configuration above as
modules. In this case, you must execute the following commands:
· To compile the corresponding modules of your kernel, use the following command: