HostedDB - Dedicated UNIX Servers

Securing-Optimizing-RH-Linux-1_2_88
Comments and suggestions concerning this book should be mailed to gmourani@videotron.ca © Copyright 1999-2000 Gerhard Mourani and Open Network Architecture ® 88 Recall, we had created three symlinks under the “/usr/include” directory that point to the Linux kernel to be able to compile it without receiving error and also be able to compile future programs. The “/usr/include” directory” is where all header files of your Linux system are kept for reference and dependencies when you compile and install new programs. The asm, linux, and scsi links are used when program require to know some functions in compile time specific to the kernel installed on your system. Programs call other headers on the “include” directory when they must know specific information, dependencies, etc of your system.   [root@deep /]# mkdir -p /usr/src/linux-2.2.14/include [root@deep /]# cp -r /usr/src/linux/include/asm-generic /usr/src/linux-2.2.14/include [root@deep /]# cp -r /usr/src/linux/include/asm-i386 /usr/src/linux-2.2.14/include [root@deep /]# cp -r /usr/src/linux/include/linux /usr/src/linux-2.2.14/include [root@deep /]# cp -r /usr/src/linux/include/net /usr/src/linux-2.2.14/include [root@deep /]# cp -r /usr/src/linux/include/video /usr/src/linux-2.2.14/include [root@deep /]# cp -r /usr/src/linux/include/scsi /usr/src/linux-2.2.14/include [root@deep /]# rm -rf /usr/src/linux [root@deep /]# cd /usr/src [root@deep src]# ln -s /usr/src/linux-2.2.14 linux First we create a new directory named “linux-2.2.14” based on the version of the kernel we have installed for easy interpretation, then we copy directories asm-generic, asm-i386, linux, net, video, and scsi from “/usr/linux/include” to our new place “/usr/src/linux-2.2.14/include”. After we remove the entire source directory where we had compiled the new kernel and create a new symbolic link named “linux” under “/usr/src” that point to our new “/usr/src/linux- 2.2.14/include” directory. With these steps, future compiled programs will know where to look for header related to the kernel on your server. NOTE: This step will allow us to gain space on our hard drive and will reduce the risk of security. The Linux kernel source directory handle lot files and is about 75 MB in size when uncompressed. With the procedure described above, our Linux kernel directory began approximately 3 MB in size so we save 72 MB for the same functionalities. 6.     Finally, you need to edit the “/etc/lilo.conf” file to make your new kernel one of the boot time options: Step 1 Edit the lilo.conf file (vi /etc/lilo.conf) and make the appropriated change on the line that read “image=/boot/”. [root@deep /]# vi /etc/lilo.conf boot=/dev/sda map=/boot/map install=/boot/boot.b prompt timeout=00 restricted password=somepasswd image=/boot/vmlinuz-kernel.version.number #(add your new kernel name file here). label=linux root=/dev/sda6 read-only NOTE: Don’t forget to remove the line that read “initrd=/boot/initrd-2.2.12-20.img” in the “lilo.conf” file, since this line is not necessary now (monolithic kernel don’t need an initrd file).