Securing-Optimizing-RH-Linux-1_2_89
Comments and suggestions concerning this book should be mailed to gmourani@videotron.ca
© Copyright 1999-2000 Gerhard Mourani and Open Network Architecture ®
89
Step 2
Once the name of the new kernel version has been putted in the lilo.conf file as show above, we
update our lilo.conf file for the change to take effect with the following command:
[root@deep /]# /sbin/lilo -v
LILO version 21, [Copyright 1992-1998 Werner Almesberger
Reading boot sector from /dev/sda
Merging with /boot/boot.b
Boot image: /boot/vmlinuz-2.2.14
Added linux *
/boot/boot.0800 exits no backup copy made.
Writing boot sector.
IMPORTANT NOTE: If you say NO to the configuration option Unix98 PTY support
(CONFIG_UNIX98_PTYS) during your kernel configuration, you must edit the /etc/fstab file and
remove the line that read:
none
/dev/pts
devpts
gid=5,mode=620
0 0
Delete program, file and lines related to modules
By default when you install Red Hat Linux for the first time (like we do), the kernel is built as a
modularized kernel. This means that each devices or functions we need exists as modules and
are controlled by Kernel Daemon program named kmod, which automatically loads some
modules and functions support into memory as it is needed, and uploads it when its no longer
being used.
The kmod as well as other module management programs included in the modutils RPM
package use the conf.modules file located in the /etc directory to know for example which
Ethernet card you have, if your Ethernet card requires special configuration and so on. Since we
are not using any modules in our new compiled kernel, we can remove the conf.modules file
and uninstall completely the modutils package program.
·
To remove the conf.modules file, use the command:
[root@deep /]# rm -f /etc/conf.modules
·
To uninstall the modutils package, use the following command:
[root@deep /]# rpm -e --nodeps modutils
One last thing to do is to edit the file rc.sysinit and comment out all the lines related to
depmod -a by inserting a # at the beginning of the lines. This is needed since at boot time the
system read the rc.sysinit script to find module dependencies in the kernel by default.
Comment out the line 260 in the rc.sysinit file (vi +260 /etc/rc.d/rc.sysinit):
if [ -x /sbin/depmod -a -n "$USEMODULES" ]; then
To read:
#if [ -x /sbin/depmod -a -n "$USEMODULES" ]; then
Comment out the lines 272 to 277 in the rc.sysinit file (vi +272 /etc/rc.d/rc.sysinit):
if [ -L /lib/modules/default ]; then
INITLOG_ARGS= action "Finding module dependencies" depmod -a default