4

How can I install grsecurity on Ubuntu 16.04?

I tried searching google and I am not finding anything even on the ubuntu website or this site.

Exprobsh
  • 56
  • 1
  • 3
  • Just follow [these instructions](https://en.wikibooks.org/wiki/Grsecurity#Installation). You might need to further your googling skills my friend –  Aug 24 '16 at 05:44
  • Thanks, actually I used DuckDuckGo. That works in Google. You can answer the question and I will approve it. – Exprobsh Aug 24 '16 at 20:34
  • @luchonacho Those instructions are really for Debian, not Ubuntu or its kernel. Ubuntu kernel compilation instructions are [here](https://wiki.ubuntu.com/Kernel/BuildYourOwnKernel). I got pretty far in pulling the latest Ubuntu kernel sources and successfully applying the patches, but hit a problem with `check-config` complaining about various things after doing `fakeroot debian/rules editconfig`. – Aleksandr Dubinsky Nov 22 '16 at 13:49
  • @luchonacho Trying to compile vanilla Linux with grsecurity patches on Ubuntu 16.10 yields `Cannot use CONFIG_CC_STACKPROTECTOR_STRONG: -fstack-protector-strong available but compiler is broken` Do you know why? – Aleksandr Dubinsky Nov 24 '16 at 09:31
  • @AleksandrDubinsky No idea. Have you tried in 16.04? Or an older kernel? –  Nov 24 '16 at 13:39

1 Answers1

2

You need to patch and compile your own kernel. The instructions are here: https://en.wikibooks.org/wiki/Grsecurity/Configuring_and_Installing_grsecurity

There is one caveat, however. Ubuntu normally uses its own kernel which is patched with useful fixes that haven't made it to mainline yet (like the MacBook Pro suspend/resume fix) and is compiled with an Ubuntu-approved config. Unfortunately, at the moment the Ubuntu patches aren't compatible with grsecurity. However, you should still grab the appropriate .config file, as explained here.

Community
  • 1
Aleksandr Dubinsky
  • 690
  • 8
  • 22