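I am using Ubuntu 14.04 and really like the fact that I get automatic kernel security updates. After a kernel security issue is patched, the new version ships as a new package. My computer is configured to scan for new security updates every half hour and install them automatically. I don't have to watch mailing lists or CVEs; I get the patches. It is a nice system.
I am considering running grsecurity, but it requires you to patch and manually recompile the kernel. That is a bit of a problem, because I might miss kernel security updates provided by Ubuntu upstream.
Is there a way to automate kernel recompilation, adding the patch file to the process?

Solution:

Are you sure automatic kernel recompilation is needed? If you use the Ubuntu repositories to download security updates, there is no need to compile them. Otherwise your question is missing this point.
There are several ways to compile a kernel automatically. For example, check this article
I am adding the quote to the page: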
# Automated Kernel Recompilation By Avinash Shankar
# Note: This was done under RH-7.3 so plz verify the paths
# Warning: Please run the Script under Xwindows
#going to kernel sources directory:
echo Entering Kernel Source Directory................
cd /usr/src/linux-2.4/
#Cleaning dep files and objs:
echo Cleaning up Junk files..................
make clean
#Configuring your New Kernel:
echo Entering Graphical kernel config.....................
make xconfig
#Making the dependencies files:
echo Making the dependecies ..................
make dep
#Backing up old module files
echo All your module files and system.map files backed up ................
mv /lib/modules/2.4.18-3/modules.dep modules.dep.old
mv /usr/src/linux-2.4/System.map System.map.old
#Make a compressed kernel:
echo Compressing the kernel image ..............................................
make bzImage
#Copy the Image to /boot directory
echo Copying the bzImage to /boot Directory......................................................
cp /usr/src/linux-2.4/arch/i386/boot/bzImage /boot
#Make the modules :
echo Compiling the Modules ...............................
make modules
#Make the Installable modules used by the new kernel
echo Making the modules executable ...................................
make modules_install
#copy the System.map file to /boot
echo Copying System.map file to /boot ....................................
cp /usr/src/linux-2.4/System.map /boot
echo Thats it you are finished ! Cool now edit the lilo.conf or your grub.conf file
echo located in the /boot directory. Copy the kernel entries and replace kernel with
echo the bzImage file and the initrd entry with System.map
-----------------------------------------------------------------------------------------------
These days Live Kernel Patching will also make your life easier. Unfortunately it is only available for Ubuntu 16.04
Since the release of the Linux 4.0 kernel about 18 months ago, users
have been able to patch and update their kernel packages without
rebooting.
Source: https://www./content-3-392451.html
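
Added example, not part of the original question or answer: a gate for the automated rebuild the question asks about. It rebuilds only when a newer kernel version is available and the out-of-tree patch still applies cleanly, and reports a stale patch instead of silently staying on an old kernel. The function names, the four-argument interface and the use of GNU `sort -V` and GNU `patch` are assumptions of this sketch.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes GNU sort and GNU patch.
# The caller supplies the versions, e.g. the candidate shown by
# `apt-cache policy linux-image-generic` and the version recorded at the last build.

# version_newer A B: succeeds when A sorts strictly after B.
# sort -V approximates Debian ordering; on Ubuntu,
# `dpkg --compare-versions A gt B` is the authoritative comparison.
version_newer() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n 1)" = "$1" ]
}

# patch_applies TREE PATCH: dry run only, the source tree is never modified.
# PATCH must be an absolute path because the check runs inside TREE.
# --force makes an already-applied (reversed-looking) patch count as a failure.
patch_applies() {
    ( cd "$1" && patch -p1 --dry-run --force --silent < "$2" ) >/dev/null 2>&1
}

# rebuild_decision CANDIDATE LAST_BUILT TREE PATCH
# Prints one of: up-to-date | rebuild | patch-stale
# Returns 1 only for patch-stale, so a cron wrapper can alert on it.
rebuild_decision() {
    if ! version_newer "$1" "$2"; then
        echo up-to-date
        return 0
    fi
    if patch_applies "$3" "$4"; then
        echo rebuild
        return 0
    fi
    # A security update exists but the patch no longer fits the new source:
    # the machine is exposed until someone fetches a matching patch.
    echo patch-stale
    return 1
}

# Stand-alone use: ./gate.sh CANDIDATE LAST_BUILT /abs/tree /abs/file.patch
if [ "$#" -eq 4 ]; then
    rebuild_decision "$@"
fi
```

The `patch-stale` result is the case the question worries about: the distribution has shipped a fix, but the hardened build cannot follow it automatically, so the wrapper should notify an administrator rather than retry.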