I've been trying to research on the Internet how to install an updated Linux kernel, leaving the old one intact.

Yes there are lots of advice out there. But I have a sense that I'm missing some fundamental steps in doing this.

So....dumb question... Should I be downloading all kernel*.rpm packages and just install them like any other RPM? I know that the kernel is different from the other modules.

I have a "possible LKM rootkit" on my FC6 notebook, says chkrootkit.

Thanks!

Tom D.

yum update kernel

When you reboot you will get the little screen that says booting in X seconds. That is where you choose which kernel to boot to. The default is to boot to the newest kernel.

The only 100% way to be sure of a secure system after a breach is to do a fresh install. Other words you have no way of knowing what files the intruder could have changed. About 99% if Linux breaches occur becuase of weak passwords.

Rootkits are normally hidden in slack space.
Changing kernel probably won't remove it, as it can be anywhere in the file system. With forensics tools you can locate and remove it, possibly Sleuthkit.

Rootkits can hide themselves and whatever else they want to hide pretty much anywhere but no, they are not "normally" hidden in slack space.

I don't have a direct internet connection to this box. I'd have to download the RPMs and update. What I don't understand is what packages I need to download. In other words, I need to update almost manually.

You're probably right. I haven't seen anything suspicious in the user log but that wouldn't mean anything either.

Thanks for the help!

Tom D.

You can probably google the newest kernel. For F8 it's 2.6.23-107 or something like that. All you need is the RPM for it and install it with rpm -ivh kernel-2.6.23-107.rpm (use whatever the actual name of the RPM is there). Then it should uninstall the previous kernel and install the new one. Refer to the manual just make sure you use the correct switches.

There shouldn't be any dependencies for a new kernel, but generally you want to update everything when updating the kernel.

Brandon

One thing I want to do is to preserve the old kernel and be able to revert back to it if the new kernel barfs for some reason. I don't want to overwrite my old kernel. How would I accomplish this?

My understanding is either kernel can be launched just by selection from LILO or GRUB.

Is there a web page anywhere that contains this procedure? I tried looking for it but I probably didn't use the right keywords on Google. At least I would think this would be a common reference.

Tom D.

Is there a special reason for installing specific kernels from RPM?

In a normal I would use yum to install the current kernel package and in case of need kernel-devel as well. Yum will always keep the previous kernel available within /boot, and if you want to keep even older kernels, than backup your /boot directory before updating kernels.

You also might want to have a look at /boot/grub/grub.conf to adjust the settings - most likely to define which kernel to startup at default.

Regards,
SIMP

Linux Archive

Well, I need specific RPM files because none of my Linux boxes have direct Internet access. Yum wouldn't do anything for me. I'd have to download the files of interest to my WinXP machine, transfer them to the Linux boxes via LAN, and run RPM manually.

Tom D.

You must find the appropriate place to download new kernel packages from. Maybe you have already done so, otherwise the homepage of your distribution is where you should start. Or search on sites like rpmfind.net, rpm.pbone.net, etc.

Installing with RPM will not remove previous kernel versions when installing new ones, you can as such have all versions you want to keep.

Install like this (as root):
# rpm -Uvh <kernelpackage>

On RedHat/Fedora systems, and probably other distributions as well, a 'firstboot' flag is set after installing a kernel: if your new kernel fails to boot properly, than your next boot will use the previous kernel again.

This is done by switching the 'default=' value in /boot/grub/grub.conf between the index number of the new kernel and the previous one. Index numbering starts from 0 and refers to the list of kernels in the same file, which is something like:

You can set the 'default=' value yourself by editing the grub.conf file.

All of this assumes that GRUB is your bootloader...

Hope this helps,
Regards,
SIMP

Don't do this if you want old kernel available, just in case newer one won't work.

This command given above will UPGRADE the existing kernel.

You may use -ivh switch in place of -Uvh. It will install a new kernel and change the grub loader making the newer kernel as default.

Yes, that's true. Sorry for the mix-up.

I use yum for kernel upgrading and yum takes care of keeping the older kernel available.

Sincerely,
SIMP

Just an off beat question but why can't you just connect your Linux box to the internet?

You can use the " yum localinstall" command. Have a look at "man yum".

Save yourself a lot of headaches and pick up a cheap router and just hook your linux boxes to the internet. Even if it is just plugged in for the updates (and unplugged otherwise), it will be well worth the $20 you will spend on the router.

I use dial-up with Netscape. They have ISP software for Windows but not Linux. (Hmmm -- I haven't checked lately -- perhaps I should take another glance at their website.)

However I am looking at cable Internet down the road when I get the LAN and WLAN security nailed down.

Tom D.