Posts Tagged ‘compilation’

How to improve Linux kernel security with GrSecurity / Maximum Linux kernel security with GrSecurity

Tuesday, May 3rd, 2011

In short, I'll explain here what Grsecurity (http://www.grsecurity.net/) is, for all those who have not used it yet, and what capabilities it has for enhancing kernel security.

Grsecurity is a set of patches for the Linux kernel aimed at improving kernel security.

The typical application of GrSecurity is on Linux systems that are administered through SSH/shell (e.g. remote hosts), though you can also configure grsecurity on a normal Linux desktop system if you want a super secured Linux desktop ;).

GrSecurity is used heavily to protect server systems which require multiple users to have access to the shell.

On systems where multi-user access is required, it's a well-known fact that malicious users, crackers or dumb script kiddies get administrator (root) privileges with some freshly released 0-day root kernel exploit.
If you're the administrator of a server (let's say a web hosting server) with multiple users having shell access, it's also common for some of the users to run exploits aimed at hanging a certain daemon service.
On other occasions you have users who try to DoS the server with some 0-day Denial of Service exploit.
In all these cases, having a kernel with grsecurity is priceless.

Installing a grsecurity-patched kernel is an easy task on Debian and Ubuntu and is explained in one of my previous articles.
This article aims to explain in short some configuration options for a GrSecurity-tightened kernel, for when one has to compile a new kernel from source.

I will skip the details of how to compile the kernel and simply show you some screenshots of GrSecurity configuration options which work well and need to be set before the make command is issued to compile the new kernel.

After preparing the kernel source for compilation and issuing:

linux:/usr/src/kernel-source$ make menuconfig

You will have to select options like the ones you see in the pictures below:

[Image gallery: screenshots of the GrSecurity configuration options in make menuconfig]

After completing and saving your kernel config file, continue as usual with an ordinary kernel compilation, e.g.:

linux:/usr/src/kernel-source$ make
linux:/usr/src/kernel-source$ make modules
linux:/usr/src/kernel-source$ su root
linux:/usr/src/kernel-source# make modules_install
linux:/usr/src/kernel-source# make install
linux:/usr/src/kernel-source# mkinitrd -o initrd.img-2.6.xx 2.6.xx
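
Before starting the build above, the saved .config can be checked to confirm the hardening options really ended up built in. The script below is an added example, not part of the original post; the symbol list in REQUIRED is an assumed baseline (the post's screenshots are not reproduced here) and the sample config is constructed.

```shell
#!/bin/sh
# Added example (not from the original post): audit a saved kernel .config.

# ASSUMPTION: this baseline list is illustrative; use the options you
# actually selected in menuconfig.
REQUIRED="CONFIG_GRKERNSEC CONFIG_PAX CONFIG_PAX_NOEXEC CONFIG_PAX_ASLR CONFIG_GRKERNSEC_CHROOT"

# Print the state of symbol $2 in config file $1: y, m, off or absent.
kconfig_state() {
    if grep -q "^$2=y\$" "$1"; then echo y
    elif grep -q "^$2=m\$" "$1"; then echo m
    elif grep -q "^# $2 is not set\$" "$1"; then echo off
    else echo absent   # symbol unknown to this tree, e.g. patch not applied
    fi
}

# Print "SYMBOL state" for every symbol that is not built in (=y).
# Returns 1 if anything was reported, 0 if the config passes.
audit_config() {
    cfg=$1; shift
    rc=0
    for sym in "$@"; do
        state=$(kconfig_state "$cfg" "$sym")
        if [ "$state" != y ]; then
            echo "$sym $state"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample fragment, not taken from a real build.
sample_config() {
    cat <<'EOF'
CONFIG_GRKERNSEC=y
CONFIG_PAX=y
CONFIG_PAX_NOEXEC=y
# CONFIG_PAX_ASLR is not set
CONFIG_SECURITY=y
EOF
}

tmp=$(mktemp)
sample_config > "$tmp"
audit_config "$tmp" $REQUIRED || echo "fix the options above before running make"
rm -f "$tmp"
```

On a real tree, point audit_config at the .config in the kernel source directory; a state of "absent" for every grsecurity symbol usually means the patch was never applied to that source tree.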

Also make sure GRUB is properly configured to load the newly compiled and installed kernel.

After a system reboot, if all is fine, you should be able to boot the newly compiled grsecurity-tightened kernel. Be careful, though, and make sure you have a backup solution before you reboot; don't blame me if your new grsecurity-patched kernel fails to boot! You're on your own, boy 😉
This article is written thanks to based originally on his article in Bulgarian. If you're Bulgarian, you might also check out static's blog

Install xmame from source on Debian Linux 7.0 (Wheezy) to play for better MAME (Arcade Games Emulation)

Thursday, May 30th, 2013


If you're keen on playing old-school arcade games and you've just updated to or installed the latest stable Debian 7 Wheezy, you will find that the currently installable MAME (arcade emulator) package cannot play many of the hot games, even though the game ROM files are okay and you might have played those games on previous versions of Debian with the now obsolete but apparently better-working emulator xmame.

As playing the classic arcades Captain Commando, Xain'D Sleena, Cadillacs & Dinosaurs and Punisher is one of my great entertainments when I have some free time, I took the time to find out whether xmame is still installable, either from a deb package or from source.

Unfortunately xmame is not available for the latest Debian releases from unofficial repositories, so I proceeded with installing it from source. Thankfully the source install was successful. Hence, below I explain how to install xmame from source on Debian Wheezy and Debian testing/unstable.
First, before compiling, install a bunch of development packages necessary for proper compilation:

# apt-get install --yes zlib1g-dev
# apt-get install --yes libexpat1-dev
# apt-get install --yes libghc-x11-dev
# apt-get install --yes x11proto-video-dev
# apt-get install --yes libxv-dev

Download xmame 0.103 source archive (xmame-0.103.tar.bz2)

The tar archive doesn't have a configure script, so to compile it just run make:

# cd /usr/local/src
# tar -jxvvf xmame-0.103.tar.bz2
# su hipo
$ cd xmame-0.103
$ make
...
....
$ exit
# cd xmame-0.103
# make install
.....


One important note: xmame's build takes very long. On my machine with 2 GB of memory and a dual-core 1.8 GHz it took about 1.30 or 2 hours.

In case some header (.h) file is still missing and the compile fails, as happened to me on a few occasions, you can install and use apt-file:

# apt-get --yes install apt-file
# apt-file update

To find which package provides the missing .h file:

# apt-file search Header-Name.h

Then just install the package which provides the needed header.

The next step is to create the xmame config file:
# mkdir /usr/local/share/xmame/
# cd /usr/local/src/xmame-0.103
# cp -rpf ./src/unix/doc/xmamerc.dist /usr/local/share/xmame/xmamerc

In xmamerc, set the proper location of the MAME ROM files:

# vim /usr/local/share/xmame/xmamerc
Find the line:

rompath                 /usr/local/share/xmame/roms

and change it to where the ROM files are located. In my case they're in /disk/Games/Mames/roms, so change rompath to:

rompath                 /disk/Games/Mames/roms

There are some other configurations which you might want to tune. A well configured xmamerc that works fine for me is here

Finally link xmame.x11 to /usr/bin/xmame

# ln -sf /usr/local/bin/xmame.x11 /usr/bin/xmame

After having properly configured xmame's ROMs directory, launch a game, for example punisher.zip or captcomm.zip:

$ xmame punisher
....
$ xmame captcomm
....


I've built xmame from source on Debian, but I suppose the same guide should work okay on Ubuntu, Mint and the rest of the Debian distributions. I'll be happy to get feedback if someone succeeds in running xmame on another distro. If you do, please drop me a comment with the distro name and specifics or problems faced.

How to compile latest qmailadmin (qmailadmin 1.2.15) on Debian Squeeze Linux

Thursday, August 11th, 2011

I completed a qmail installation a few days ago on a freshly installed Debian Squeeze 64-bit server. All is configured and works fine, except qmailadmin and vqadmin.
As the mail server was missing any kind of web mail administration panel, I needed to make at least one of the two above work with qmail.

I decided to concentrate on qmailadmin and took the time to make it work. I used the following command lines and got a compile failure during make:

debian:/usr/local/src/qmailadmin-1.2.15# ./configure --enable-cgibindir=/usr/lib/cgi-bin --enable-htmldir=/var/www/qmailadmin/ --enable-modify-quota
...
debian:/usr/local/src/qmailadmin-1.2.15# make
...

The source make failed with the following error:

In file included from template.c:45:
qmailadmin.h:37:1: warning: "MAX_FILE_NAME" redefined
In file included from template.c:28:
/home/vpopmail/include/vpopmail.h:146:1: warning: this is the location of the previous definition
template.c: In function "send_template_now":
template.c:505: error: "VERSION" undeclared (first use in this function)
template.c:505: error: (Each undeclared identifier is reported only once
template.c:505: error: for each function it appears in.)
make[1]: *** [template.o] Error 1
make[1]: Leaving directory `/usr/local/src/qmailadmin-1.2.15'
make: *** [all] Error 2

To work around these compile issues, I had to modify one of qmailadmin's C source files (template.c), e.g.:

debian:/usr/local/src/qmailadmin-1.2.15# vim template.c

In the file, next to the line:

#include "util.h"

I had to add the code:

#define VERSION ""

Afterwards, qmailadmin's compile and install via make && make install-strip succeeded, and it now works perfectly fine 😉