How To Install Grsecurity On CentOS 6.0?
导读:
虽然linux有selinux模块进行防止溢出模块,但是很多时候都是关闭的,这里给出一个内核级别安全加固经典国家通用做法,那就是内核pax/grsecurity 安全加固,有效阻止***溢出***!
对于高度安全需求的环境进行打上次patch;
以下是老外的技术手册,学习一下。
Ideal way to install Grsecurity on 32 bit OS is :  Just follow the steps given below.

Fetch the sources:

Download kernel from kernel.org

#wget http://www.kernel.org/pub/linux/kernel/v2.6/longterm/v2.6.32/linux-2.6.32.51.tar.gz

Downlaod latest Grsecurity patch from below URL :

#wget http://grsecurity.net/stable/grsecurity-2.2.2-2.6.32.51-201201021326.patch

Extract:
tar xjf linux-2.6.32.51.tar.gz

Patch the kernel:

#cd linux-2.6.32.51

#patch -p1 < ../grsecurity-2.2.2-2.6.32.51-201201021326.patch

Now start making the kernel :

# make clean && make mrproper

Edit your kernel as per your need :

# make menuconfig

Compile your kernel and install it:

# make bzImage

# make modules

# make modules_install

Make sure it’s working ok with the help of following command :

# depmod 2.6.32.51-grsec

Installing and booting the new kernel :

# cp arch/i386/boot/bzImage /boot/vmlinuz-2.6.32.51-grsec

There is also a file called “System.map” that must be copied to the same boot directory.

# cp System.map /boot

Do not forget to make changes in /etc/grub.conf

also go to grub prompt after this and fire below command :

# grub > savedefault –-default=0 –-once

Now reboot server :

#Shutdown -r now.

=====================================