Securing-Optimizing-RH-Linux-1_2_88
Comments and suggestions concerning this book should be mailed to gmourani@videotron.ca
© Copyright 1999-2000 Gerhard Mourani and Open Network Architecture ®
88
Recall, we had created three symlinks under the /usr/include directory that point to the Linux
kernel to be able to compile it without receiving error and also be able to compile future
programs. The /usr/include directory is where all header files of your Linux system are kept
for reference and dependencies when you compile and install new programs. The asm, linux,
and scsi links are used when program require to know some functions in compile time
specific to the kernel installed on your system. Programs call other headers on the include
directory when they must know specific information, dependencies, etc of your system.
[root@deep /]# mkdir -p /usr/src/linux-2.2.14/include
[root@deep /]# cp -r /usr/src/linux/include/asm-generic /usr/src/linux-2.2.14/include
[root@deep /]# cp -r /usr/src/linux/include/asm-i386 /usr/src/linux-2.2.14/include
[root@deep /]# cp -r /usr/src/linux/include/linux /usr/src/linux-2.2.14/include
[root@deep /]# cp -r /usr/src/linux/include/net /usr/src/linux-2.2.14/include
[root@deep /]# cp -r /usr/src/linux/include/video /usr/src/linux-2.2.14/include
[root@deep /]# cp -r /usr/src/linux/include/scsi /usr/src/linux-2.2.14/include
[root@deep /]# rm -rf /usr/src/linux
[root@deep /]# cd /usr/src
[root@deep src]# ln -s /usr/src/linux-2.2.14 linux
First we create a new directory named linux-2.2.14 based on the version of the kernel we
have installed for easy interpretation, then we copy directories asm-generic, asm-i386, linux,
net, video, and scsi from /usr/linux/include to our new place /usr/src/linux-2.2.14/include.
After we remove the entire source directory where we had compiled the new kernel and
create a new symbolic link named linux under /usr/src that point to our new /usr/src/linux-
2.2.14/include directory. With these steps, future compiled programs will know where to look
for header related to the kernel on your server.
NOTE: This step will allow us to gain space on our hard drive and will reduce the risk of
security. The Linux kernel source directory handle lot files and is about 75 MB in size when
uncompressed. With the procedure described above, our Linux kernel directory began
approximately 3 MB in size so we save 72 MB for the same functionalities.
6. Finally, you need to edit the /etc/lilo.conf file to make your new kernel one of the boot
time options:
Step 1
Edit the lilo.conf file (vi /etc/lilo.conf) and make the appropriated change on the line that read
image=/boot/.
[root@deep /]# vi /etc/lilo.conf
boot=/dev/sda
map=/boot/map
install=/boot/boot.b
prompt
timeout=00
restricted
password=somepasswd
image=/boot/vmlinuz-kernel.version.number #(add your new kernel name file here).
label=linux
root=/dev/sda6
read-only
NOTE: Dont forget to remove the line that read initrd=/boot/initrd-2.2.12-20.img in the lilo.conf
file, since this line is not necessary now (monolithic kernel dont need an initrd file).