Building and Installing an RSBAC kernel
Building the kernel
Once we have configured the kernel with the required options we can build it in the normal way using make.
lisa linux # make
Installing the kernel
Once the kernel has been built we can copy it to our boot partition.
lisa linux # mount /boot
lisa linux # cp arch/i386/boot/bzImage /boot/kernel-2.6.14-rsbac-hardened-r1-max1
lisa linux # cp System.map /boot/System.map-2.6.14-rsbac-hardened-r1-max1
lisa linux # cp .config /boot/config-2.6.14-rsbac-hardened-r1-max1
lisa linux # cp arch/i386/boot/bzImage /boot/kernel-2.6.14-rsbac-hardened-r1-max1
lisa linux # cp System.map /boot/System.map-2.6.14-rsbac-hardened-r1-max1
lisa linux # cp .config /boot/config-2.6.14-rsbac-hardened-r1-max1
Reconfiguring GRUB
Now we need to edit our GRUB configuration file to boot this kernel as the default.
lisa linux # nano -w /boot/grub/grub.conf
Insert the following lines as the first bootable entry in the file. If you have made a recovery partition then remember to put this entry after the recovery options.
/boot/grub/grub.conf
title=Gentoo Linux 2.6.14-rsbac-hardened-r1 Max-1
root (hd0,0)
kernel /kernel-2.6.14-rsbac-hardened-r1-max1 root=/dev/ida/c0d0p5 rsbac_softmode
savedefault fallback
If you omit the rsbac_softmode kernel option at this
stage you will not be able to login as the /bin/login
application has not yet been granted set_uid rights.
The rsbac_softmode kernel option should be removed once
configuration is complete. It allows the system to report the access
denied errors which would occur had RSBAC been active without
actually stopping them.
Rebooting
Now that GRUB has been reconfigured to boot our new kernel, and our old kernel is still available in case of difficulties, we can unmount the boot partition and reboot.
lisa linux # umount /boot
lisa linux # shutdown -r now
lisa linux # shutdown -r now