I never compiled the kernel and never applied a patch. I run Debian sarge 3.1 stable but /usr/src is empty. I want to patch-o-matic my kernel; where is the kernel source directory to use as the value of the KERNEL_DIR parameter: ... /boot ?
Thanks !
You probably do not have the actual kernel source code installed on the system. Use apt-get install kernel-source-2.X.X (make sure to replace X.X with the correct kernel version for your system).
But first, Patch-O-Matic:
I have run ./runme and it asked me for the kernel dir and then the iptables source code dir, which I don't have (or I have no idea where it is; if I install with apt I do not have a source dir for packages, right?).
With POM I'm at this stage:
root@argo:/usr/src/iptables-1.3.5# make KERNEL_DIR=/usr/src/kernel-headers-2.6.8-3-386
Making dependencies: please wait...
Something wrong... deleting dependencies.
make: *** [assert.h] Error 1
... So I got a tarball from netfilter.org. I like the idea of compiling iptables, POM and ipset all in one go, but in the first place things like the above error happen. What's happening in the iptables make?
You need to run patch-o-matic first before you do any compiling. Before you run patch-o-matic you'll need to install the kernel sources. Use the apt-get command I posted above. It will download the kernel source and install it in the proper directory.
Make sure to follow the directions carefully. If you do this half-arsed there's a good likelihood of screwing your system up.
Unpack the bzipped tarball in the /usr/src directory. When it is unpacked you should have a linux-2.6.8 directory. That will be your path when P-O-M prompts you.
Also, note that there were several known vulnerabilities in the original 2.6.8 kernels used by Debian, so make sure that you've upgraded to the current version.
root@argo:/usr/local/patch-o-matic# ./runme --batch base
I get
Quote:
Testing patch submitted/01_2.4.19.patch...
Warning - no help text file could be found in either
/usr/src/kernel-source-2.6.8/net/ipv4/netfilter/Config.help
or /usr/src/kernel-source-2.6.8/Documentation/Configure.help
Failed to patch copy of /usr/src/kernel-source-2.6.8
TEST FAILED: patch NOT applied.
Yup, just download the iptables source and unpack it. Enter the path to that dir (or just put the iptables source in /usr/src/iptables). Good luck and follow the directions carefully.
Excellent! Source trees are ready for compilation.
Now I only have to apply the new features to my iptables script, isn't it?
How can I see which new features have been applied and which not? The list of questions about new patches to apply doesn't seem very long; I have used ./runme --batch base ... I will look at things better!
Now I only have to apply the new features to my iptables script, isn't it?
Yes, once the patches have been applied you need to compile the kernel and kernel modules. For some of the netfilter patches you will need to specifically enable that feature when you do the configuration step of the kernel compilation. These options will appear in the networking section under netfilter.
Quote:
Originally Posted by gabsik
How can I see which new features have been applied and which not?
I believe if you re-run the runme script it will show which patches have already been applied (the patch will now appear as "applied").
Quote:
Originally Posted by gabsik
The list of questions about new patches to apply doesn't seem very long; I have used ./runme --batch base ... I will look things
You only applied the "base" netfilter extensions. There are also the "extra", "pending", and "submitted" extensions. Note that many of those are experimental and currently do not work. So be careful when applying some of the other patches and definitely do not install all of them. For each patch you consider installing, make sure to check its status at the netfilter website.
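Added example, not part of the original thread and not from the patch-o-matic tooling: a small shell helper that reads a kernel .config after the configuration step and reports each netfilter option as built in (y), module (m), off, or absent. The sample .config is constructed for illustration and CONFIG_IP_NF_MATCH_EXAMPLE is a hypothetical option name.

```shell
#!/bin/sh
# Report the state of netfilter options in a kernel .config.

# List every netfilter option the config mentions: "<OPTION> <y|m|off>".
nf_report() {
    awk '
        /^CONFIG_(NETFILTER|IP_NF|IP6_NF)[A-Z0-9_]*=[ym]$/ {
            split($0, kv, "="); print kv[1], kv[2]; next
        }
        /^# CONFIG_(NETFILTER|IP_NF|IP6_NF)[A-Z0-9_]* is not set$/ {
            print $2, "off"
        }
    ' "$1"
}

# State of one option. "absent" means the config never mentions it:
# the source tree does not define it (patch not applied) or its
# dependencies are not enabled, so the config step never offered it.
nf_option_state() {
    nf_report "$1" | awk -v opt="$2" '
        $1 == opt && !found { print $2; found = 1 }
        END { if (!found) print "absent" }
    '
}

# Constructed sample input, not taken from a real system.
write_sample_config() {
    cat > "$1" <<'EOF'
CONFIG_NETFILTER=y
CONFIG_IP_NF_CONNTRACK=m
CONFIG_IP_NF_IPTABLES=m
CONFIG_IP_NF_MATCH_LIMIT=m
# CONFIG_IP_NF_MATCH_RECENT is not set
CONFIG_IP_NF_FILTER=m
# CONFIG_IP_NF_NAT is not set
CONFIG_EXT3_FS=y
EOF
}

# Demo run against the constructed sample.
demo_cfg=$(mktemp)
write_sample_config "$demo_cfg"
nf_report "$demo_cfg"
rm -f "$demo_cfg"
```

On a real tree, point nf_report at the .config in the kernel source directory given to patch-o-matic; an option that shows as off or absent will not be usable from iptables rules until it is enabled and the kernel and modules are rebuilt.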