linux – 安全补丁上的自动内核重新编译?

我正在使用Ubuntu 14.04并且非常喜欢我获得自动内核安全更新的事实.修补内核安全问题后,新版本将附带一个新软件包.我的计算机配置为每半小时扫描一次新的安全更新并自动安装它们.我不必看邮件列表或CVE,我得到补丁.这是一个很好的系统.

我在考虑运行grsecurity,但它们需要您修补并手动重新编译内核.这有点问题,因为我可能会错过Ubuntu上游提供的内核安全更新.

有没有办法自动化内核重新编译,将补丁文件添加到进程?

解决方法:

您确定自动内核重新编译需要吗?如果您使用Ubuntu存储库下载安全更新,则无需编译它们.否则你的问题就会遗漏这一点.

有几种方法可以自动编译内核.例如,检查此article

我在页面中添加引用:

# Automated Kernel Recompilation By Avinash Shankar 
# Note: This was done under RH-7.3 so plz verify the paths
# Warning: Please run the Script under Xwindows

#going to kernel sources directory:
echo Entering Kernel Source Directory................
cd /usr/src/linux-2.4/

#Cleaning dep files and objs:
echo Cleaning up Junk files..................
make clean

#Configuring your New Kernel:
echo Entering Graphical kernel config.....................
make xconfig

#Making the dependencies files:
echo Making the dependecies ..................
make dep

#Backing up old module files
echo All your module files and system.map files backed up ................ 
mv /lib/modules/2.4.18-3/modules.dep modules.dep.old
mv /usr/src/linux-2.4/System.map System.map.old

#Make a compressed kernel:
echo Compressing the kernel image ..............................................
make bzImage

#Copy the Image to /boot directory
echo Copying the bzImage to /boot Directory......................................................
cp /usr/src/linux-2.4/arch/i386/boot/bzImage /boot

#Make the modules :
echo Compiling the Modules ...............................
make modules

#Make the Installable modules used by the new kernel
echo Making the modules executable ...................................
make modules_install

#copy the System.map file to /boot
echo Copying System.map file to /boot ....................................
cp /usr/src/linux-2.4/System.map /boot

echo Thats it you are finished ! Cool now edit the lilo.conf or your grub.conf file
echo located in the /boot directory. Copy the kernel entries and replace kernel with
echo the bzImage file and the initrd entry with System.map

-----------------------------------------------------------------------------------------------

这些日子Live Kernel Patching也会让你的生活更轻松.不幸的是它仅适用于Ubuntu 16.04

Since the release of the Linux 4.0 kernel about 18 months ago, users
have been able to patch and update their kernel packages without
rebooting.

上一篇:算法第2章实践报告


下一篇:编译 – 在AIX上使用MySQL身份验证支持编译proftpd