How to: Compile Linux kernel 2.6

Posted on in Categories CentOS, Debian Linux, GNU/Open source, Howto, Linux last updated September 29, 2005

Compiling custom kernel has its own advantages and disadvantages. However, new Linux user / admin find it difficult to compile Linux kernel. Compiling kernel needs to understand few things and then just type couple of commands. This step by step howto covers compiling Linux kernel version 2.6.xx under Debian GNU Linux. However, instructions remains the same for any other distribution except for apt-get command.

Step # 1 Get Latest Linux kernel code

Visit http://kernel.org/ and download the latest source code. File name would be linux-x.y.z.tar.bz2, where x.y.z is actual version number. For example file inux-2.6.25.tar.bz2 represents 2.6.25 kernel version. Use wget command to download kernel source code:
$ cd /tmp
$ wget http://www.kernel.org/pub/linux/kernel/v2.6/linux-x.y.z.tar.bz2

Note: Replace x.y.z with actual version number.

Step # 2 Extract tar (.tar.bz3) file

Type the following command:
# tar -xjvf linux-2.6.25.tar.bz2 -C /usr/src
# cd /usr/src

Step # 3 Configure kernel

Before you configure kernel make sure you have development tools (gcc compilers and related tools) are installed on your system. If gcc compiler and tools are not installed then use apt-get command under Debian Linux to install development tools.
# apt-get install gcc

Now you can start kernel configuration by typing any one of the command:

  • $ make menuconfig – Text based color menus, radiolists & dialogs. This option also useful on remote server if you wanna compile kernel remotely.
  • $ make xconfig – X windows (Qt) based configuration tool, works best under KDE desktop
  • $ make gconfig – X windows (Gtk) based configuration tool, works best under Gnome Dekstop.

For example make menuconfig command launches following screen:
$ make menuconfig

You have to select different options as per your need. Each configuration option has HELP button associated with it so select help button to get help.

Step # 4 Compile kernel

Start compiling to create a compressed kernel image, enter:
$ make
Start compiling to kernel modules:
$ make modules

Install kernel modules (become a root user, use su command):
$ su -
# make modules_install

Step # 5 Install kernel

So far we have compiled kernel and installed kernel modules. It is time to install kernel itself.
# make install

It will install three files into /boot directory as well as modification to your kernel grub configuration file:

  • System.map-2.6.25
  • config-2.6.25
  • vmlinuz-2.6.25

Step # 6: Create an initrd image

Type the following command at a shell prompt:
# cd /boot
# mkinitrd -o initrd.img-2.6.25 2.6.25

initrd images contains device driver which needed to load rest of the operating system later on. Not all computer requires initrd, but it is safe to create one.

Step # 7 Modify Grub configuration file – /boot/grub/menu.lst

Open file using vi:
# vi /boot/grub/menu.lst

title           Debian GNU/Linux, kernel 2.6.25 Default
root            (hd0,0)
kernel          /boot/vmlinuz root=/dev/hdb1 ro
initrd          /boot/initrd.img-2.6.25
savedefault
boot

Remember to setup correct root=/dev/hdXX device. Save and close the file. If you think editing and writing all lines by hand is too much for you, try out update-grub command to update the lines for each kernel in /boot/grub/menu.lst file. Just type the command:
# update-grub
Neat. Huh?

Step # 8 : Reboot computer and boot into your new kernel

Just issue reboot command:
# reboot
For more information see:

  • Our Exploring Linux kernel article and Compiling Linux Kernel module only.
  • Official README file has more information on kernel and software requirement to compile it. This file is kernel source directory tree.
  • Documentation/ directory has interesting kernel documentation for you in kernel source tree.

How to save your live CD session online

Posted on in Categories News last updated September 27, 2005

I use different Live distro for various purpose. Either you can save data on USB pen or hard disk partition. Most of the time all modification or downloads during a Live CD session is kept in RAM until system is rebooted… and then it’s gone/lost.
However new live CD called SLAX allow you to save your session online 😀 This is very handy as I use multiple computers. Visit online to download CD and read more on webconfig online.

FreeBSD Enable Security Port Auditing to Avoid Vulnerabilities With portaudit

Posted on in Categories FreeBSD, Howto, Security, Sys admin, Tip of the day, Tips last updated September 26, 2005

This is new nifty and long term demanded feature in FreeBSD. A port called portaudit provides a system to check if installed ports are listed in a database of published security vulnerabilities. After installation it will update this security database automatically and include its reports in the output of the daily security run. If you get message like as follows

Vulnerability check disabled, database not found

You need install small port called portaudit. From the man page:

portaudit checks installed packages for known vulnerabilities and generates reports including references to security advisories. Its intended audience is system administrators and individual users. portaudit checks installed packages for known vulnerabilities and generates reports including references to security advisories. Its intended audience is system administrators and individual users.

Install portaudit

1) Install port auditing (login as root)
# cd /usr/ports/ports-mgmt/portaudit
Please note that old portaudit port was located at /usr/ports/security/portaudit/.
2) Install portaudit:
# make install clean
Output:

===>  WARNING: Vulnerability database out of date, checking anyway
===>  Extracting for portaudit-0.5.12
===>  Patching for portaudit-0.5.12
===>  Configuring for portaudit-0.5.12
===>  Building for portaudit-0.5.12
===>  Installing for portaudit-0.5.12
===>   Generating temporary packing list
===>  Checking if ports-mgmt/portaudit already installed
===>   Compressing manual pages for portaudit-0.5.12
===>   Registering installation for portaudit-0.5.12
===>  Cleaning for portaudit-0.5.12

3) Fetch the database so that port auditing get activated immediately. By default it install a shell script ‘portaudit’ in /usr/local/etc/periodic/security/:
# /usr/local/sbin/portaudit -Fda
Output:

auditfile.tbz                                 100% of   47 kB  405 kBps
New database installed.
Database created: Wed Feb 27 06:10:01 CST 2008
0 problem(s) in your installed packages found.

Where,

  • -F: Fetch the current database from the FreeBSD servers.
  • -d: Print the creation date of the database.
  • -a: Print a vulnerability report for all installed packages

4) portaudit script automatically get called via FreeBSD’s periodic (cron job) facility. So your database get updated automatically everyday.

Let us assume you would like to install a port called sudo. If it has known vulnerabilities it will not install sudo:
# cd /usr/ports/security/sudo
# make install clean

===>  sudo-1.6.8.7 has known vulnerabilities:
=> sudo -- local race condition vulnerability.
   Reference: &tt;http://www.FreeBSD.org/ports/portaudit/3bf157fa-
e1c6-11d9-b875-0001020eed82.html>
=> Please update your ports tree and try again.
*** Error code 1

Stop in /usr/ports/security/sudo.

For more information refer portaudit man page:
$ man portaudit

Protecting Linux against automated attackers

Posted on in Categories News last updated September 25, 2005

So you wanna block script kiddies? Most of the new crackers who wanna crack your server they use port scanners, dictionary attacks and what not… Blocking them automatically is the subject of this article.

It discuss how to protect Linux against automated attacks using tools. It is worth to read it. Before reading this I had my small perl script which is used to monitor /var/log/secure and if more login failed attempt found it will send an email to us and then we use to block IPs at router/server itself.

How do I Apply Debian Linux Security update?

Posted on in Categories News last updated September 25, 2005

It is very easy to update Debian Linux over Internet so that you can get updated packages in stable distribution. This short article explains you how to keep up to date your Debian server/workstation along with small tips.

Step # 1 Configure Debian to get updates

You need to configure the package resource list, which is used to locate archives of the package distribution system in use on the system. You need to edit file /etc/apt/sources.list. However Debian comes with different tools to save your life (pick any one of the following to configure your system)

Option I:
If you are using GUI (KDE/Gnome) use synaptic GUI package manager (/usr/sbin/synaptic) is the best choice for you. Synaptic is a frontend for the apt package managent system. Assuming that you are using Gnome Desktop > Click on Application > System Tools > Synaptic Package Manage. It will ask you to authenticate, please supply root user password. Once Synaptic is on screen, select Properties > Repositories. If you can not find URL http://security.debian.org/, then click on New button and add the information as follows:
URL: http://security.debian.org/
Distribution: testing/updates
Section: main contrib

Where,
URL can be cdrom, file, http, and ftp. This is the place where apt will search for updates and packages.

Distribution specifies our distibution type for example it can be stable, unstable or testing.
Stable distribution used on production system.
Testing is like beta distribution, mostly after some time this moves to statble distribution,
Unstable is under development distribution.

Section specifies what component you would like to get. For example main component includes most of the packages, where contrib packages are contributed by users and so on.

Option II:
If you are using command line then use apt-setup command. It is an interactive program that simplifies adding sources to apt’s sources.list. It knows about all the major debian mirrors and can help you select one. On remote debian server over ssh this tool will save you. Most admin uses this option to configure/reconfigure apt source list. Login as root and type command:
# apt-setup
Follow on screen instructions.

(A) Select http/ftp server to get updates:

(B) Select nearest mirror country wise, this is essential for speedy download:

(C) Setup proxy server, username and password. This is only required if you don’t have direct access to Internet else please press enter key:

(D) Save the configuration and exit as you don’t have any more APT configuration required:

Option III: Edit file /etc/apt/sources.list
This is the fastest way to specify list of Internet site to get updates. Login as root user and fire vi text editor:
# vi /etc/apt/sources.list

Please add following lines to it:
deb http://ftp.iitm.ac.in/debian/ testing main
deb http://security.debian.org/ testing/updates main contrib

Save the file and exit to command prompt. I’m using ftp.iitm.ac.in to get all packages. This is the nearest mirror for me. If not sure then I recommend to use apt-setup tool. This tool aware of mirror according to your country.

Step # 2: Resynchronize the package index files

It is important to this step. This enables to fetch information of updated packages. Type apt-get command as follows:
# apt-get update

Hit http://ftp.iitm.ac.in testing/main Packages
Hit http://ftp.iitm.ac.in testing/main Release
Hit http://security.debian.org testing/updates/main Packages
Hit http://security.debian.org testing/updates/main Release
Hit http://security.debian.org testing/updates/contrib Packages
Hit http://security.debian.org testing/updates/contrib Release
Reading Package Lists... Done

Step # 3: Upgrade the Debian

You got list of updated package list, naturally next logical step is to upgrade system. Just type following command.
# apt-get upgrade

Building Dependency Tree... Done
The following packages have been kept back:
   apache-common base-config bind9-ho...
.....
443 upgraded, 0 newly installed, 0 to remove and 374 not upgraded.
Need to get 249MB of archives.
After unpacking 39.8MB of additional disk space will be used.
Do you want to continue? [Y/n]

Hit enter key to get updates. Please note that this will take some time.

Optional information

Following tips may give you more information.

Q. How do I find Debian package is upgradeable or not?
A:
You must have a command called apt-show-versions installed on system. First install it:
# apt-get install apt-show-versions
Next just type apt-show-versions command to get only list of upgradeable packages :
# apt-show-versions -u | less
Or better grep it:
# apt-show-versions -u | grep “apache”

Q: How do I upgrade all packages in testing:
A:
Well, you can use above procedure or use apt-show-versions command as follows:
# apt-get install $(apt-show-versions -u -b | fgrep testing)

Q: How do I upgrade specific packages
Very easy just type package name, for example if you wish to upgrade apache-perl package then type:
# apt-get install apache-perl
This is useful if you just wish to upgrade single package and not entire system.

For more information:
* Read man pages of apt-get(8), sources.lst(5)
* Read official Debian security information.
* Subscribe debian-security-announce mailing list. This is the first place where the security team informs the users about security problems about Debian packages.

Update 26-Sep-05, 01:27 AM:

You might experience some problem while doing upgrade, check out small update by our regular contributor on forum.

Resize Windows Partition with Open Source Software

Posted on in Categories Download of the day, Howto, Linux, Linux desktop, Windows, Windows server last updated September 16, 2005

You would like to install Linux/BSD Os but windows partition is taking up your whole hard disk space. Or you don’t want to pay money to resize hard disk partition (tools like partition magic costs money). Not to worry you can resize partition with KNOPPIX Live Linux CD.

RESIZE PARTITION with Knoppix Live CD

Step #1 : Visit official Knoppix site and download live CD.

Step #2 : Burn Knoppix Live CD to DVD/CD media

Step #3 : Boot from CD

Step #4 : Boot into Knoppix > Open terminal > type command qtparted >

Step #5: Follow on screen instructions to resize your windows partition

Update: We are updating this howto. Please come back later or browse all our latest tips & tricks from home page. You may also try out following softwares for resize windows partition :

Related articles:

  1. Maximum Partition size supported by Linux
  2. Mount remote windows partition (windows share) under Linux
  3. The importance of Linux partitions
  4. Restore Debian Linux Grub boot loader
  5. Series: Understanding UNIX/Linux file system

Translation: