4

How can I install grsecurity on Ubuntu 16.04?

I tried searching google and I am not finding anything even on the ubuntu website or this site.

Exprobsh
  • 56
  • Just follow these instructions. You might need to further your googling skills my friend –  Aug 24 '16 at 05:44
  • Thanks, actually I used DuckDuckGo. That works in Google. You can answer the question and I will approve it. – Exprobsh Aug 24 '16 at 20:34
  • @luchonacho Those instructions are really for Debian, not Ubuntu or its kernel. Ubuntu kernel compilation instructions are here. I got pretty far in pulling the latest Ubuntu kernel sources and successfully applying the patches, but hit a problem with check-config complaining about various things after doing fakeroot debian/rules editconfig. – Aleksandr Dubinsky Nov 22 '16 at 13:49
  • @luchonacho Trying to compile vanilla Linux with grsecurity patches on Ubuntu 16.10 yields Cannot use CONFIG_CC_STACKPROTECTOR_STRONG: -fstack-protector-strong available but compiler is broken Do you know why? – Aleksandr Dubinsky Nov 24 '16 at 09:31
  • @AleksandrDubinsky No idea. Have you tried in 16.04? Or an older kernel? –  Nov 24 '16 at 13:39

1 Answers1

2

You need to patch and compile your own kernel. The instructions are here: https://en.wikibooks.org/wiki/Grsecurity/Configuring_and_Installing_grsecurity

There is one caveat, however. Ubuntu normally uses its own kernel which is patched with useful fixes that haven't made it to mainline yet (like the MacBook Pro suspend/resume fix) and is compiled with an Ubuntu-approved config. Unfortunately, at the moment the Ubuntu patches aren't compatible with grsecurity. However, you should still grab the appropriate .config file, as explained here.

Community
  • 1
Aleksandr Dubinsky
  • 731
  • 8
  • 22