LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices

Reply
 
Search this Thread
Old 09-09-2003, 06:08 PM   #1
RedHatDude
LQ Newbie
 
Registered: Sep 2003
Posts: 4

Rep: Reputation: 0
RedHat 9 (2.4.20-8) kernel rebuild without loadable module support


I've been trying to rebuild the 2.4.20-8 kernel under RedHat 9 without loadable module support (for security reasons). In the 'make menuconfig' process, in the "Loadable module support" section, I un-select "Enable Loadable Module Support".

Here are my exact steps:

RedHat 9
kernel-source-2.4.20-20.9

cd /usr/src/linux-2.4
make mrproper
cp configs/kernel-2.4.20-i686-smp.config ./.config
make oldconfig
make menuconfig
(the only config change made is to disable loadable module support)
make dep
make bzImage

During the make, I get the following error:

make[4]: Entering directory `/usr/src/linux-2.4.20-20.9/drivers/addon/aep'
gcc -D__KERNEL__ -I/usr/src/linux-2.4.20-20.9/include -Wall -Wstrict-prototypes -Wno-trigraphs -O2 -fno-strict-aliasing -fno-common -fomit-frame-pointer -pipe -mpreferred-stack-boundary=2 -march=i686 -nostdinc -iwithprefix include -DKBUILD_BASENAME=paep -c -o paep.o paep.c
In file included from paep.c:85:
paep.h:75:2: #error "MODULE not defined, I guess you don't want to recompile the entire kernel !"
make[4]: *** [paep.o] Error 1
make[4]: Leaving directory `/usr/src/linux-2.4.20-20.9/drivers/addon/aep'
make[3]: *** [first_rule] Error 2
make[3]: Leaving directory `/usr/src/linux-2.4.20-20.9/drivers/addon/aep'
make[2]: *** [_subdir_aep] Error 2
make[2]: Leaving directory `/usr/src/linux-2.4.20-20.9/drivers/addon'
make[1]: *** [_subdir_addon] Error 2
make[1]: Leaving directory `/usr/src/linux-2.4.20-20.9/drivers'
make: *** [_dir_drivers] Error 2

--

Is this the proper way to disable Loadable module support? If not, what should I be doing? Thanks...
 
Old 09-09-2003, 06:51 PM   #2
Eqwatz
Member
 
Registered: May 2003
Distribution: Slack Puppy Debian DSL--at the moment.
Posts: 341

Rep: Reputation: 30
To do that you must compile a custom kernel with the specific drivers for your equipment, filesystems + netfilter. It will have be an alternate boot as it will be too big for a set of boot disks.

You will to have a large investment of time to make it work. First, I suggest you learn how use a rescue CD, and how to make a self booting CD version of your kernel on CD as a boot disk.

In fact, you may think about doing that boot disk and testing it on CD before ever using the command "make install".
 
Old 09-09-2003, 08:42 PM   #3
Dan46628
LQ Newbie
 
Registered: May 2003
Location: South Bend, IN
Distribution: Red Hat 9.0
Posts: 20

Rep: Reputation: 0
You need to go through the entire configuration making sure nothing is marked as M(odule). Everything you need will have to be installed in the kernal. Good luck, never got it to work without modules.
 
Old 09-09-2003, 08:55 PM   #4
mlp68
Member
 
Registered: Jun 2002
Location: NY
Distribution: Gentoo,RH
Posts: 328

Rep: Reputation: 31
Well, first think what specific security risk you want to want to address. Virus loadable modules? I'm not kidding, it's a risk, and it's the ULTIMATE way to attack a system, if done right, it can be made totally undetectable. You control every aspect of the system, and can subvert and defeat all detection tools.

That said, I have not yet seen an attack that uses this (I have a cert in Unix security administration, and everywhere it's mentioned as a hypothetical risk,
so far). So if after after *all other* measures, such as tripwiring your system, making key config files immutable, read-only mounting /boot and /usr, a firewall, the whole 9 yards, you STILL feel it's an unacceptable risk, go ahead.

You will not be able, I think, to produce a non-modular kernel from the unchanged config file. The RH-premade kernel has all kinds of support for everything imaginable, small matter with modules, but if you compile everything in, the kernel will be way too big. So you need to tailor your kernel to the essentials, disable all other network hardware not on your system, IDE chipsets not on your system, go through the configuration with a fine comb and weed out stuff. The remaining drivers previously compiled as modules must then be changed to be compiled in. I don't know if globally disabling module support does that, but I doubt it. Then you might have a chance to get a kernel that's small enough.

I went through part of this exercise to make a Rescue CD that Eqwatz mentions, goto http://www.phenix.bnl.gov/~purschke/RescueCD/ (yes, that's my page) for a self-service self-made R-CD and some of the ramifications. For that bare-bones rescue system, I got the kernel size down to about 800k, but it took some doing.

My gut feeling is, it's overly paranoid, and it's not a substitute for other standard measures, some listed above.

Hope it helps,

mlp
 
Old 09-09-2003, 09:32 PM   #5
engnyr
LQ Newbie
 
Registered: Jul 2003
Location: New Zealand
Distribution: mandrake
Posts: 10

Rep: Reputation: 0
make clean

hi there,
aren't u missing "make clean" before and after "make mrproper"? yeah.. i know it jus cleans... but you never know!!! atleast thats what the Kernel-HOWTO says! Well as of me, i'm into kernel recompiling as well. i had pretty much followed the 'howto' as
1. make clean
2. make mrproper
3. make clean
4. make menuconfig
5. nohup make bzImage & tail -f nohup.out

btw i'm still at it. After quite a long hours on my 75MHz system, it seemed kinda hung up(even with nohup! or may be i'm wrong ). The following were the final messages:
***************
tools/build -b bbootsect bsetup compressed/bvm/linux.out CURRENT > bzImage
Root device is (3,2)
Boot sector 512 bytes
Setup is 4930 bytes
system is 870 kB
make[1]: Leaving directory /usr/src/linux-2.4.20-8/arch/i386/boot
**********
Shouldn't it come to the command automatically? or is it normal. Anyway i got out with "<cntrl>+c" key...btw bzImage is there in the directory /usr/src/linux-2.4.20-8/arch/i386/boot. Even though i started of with a suggestion for redhatdude, excuse me for putting my question here. I would continuing the remaining steps as get home in the evening....btw my sys spec are:
--------------------------------
*Intel/Triton-II i430HX
*k586-P75
*4GB hdd
*CMI 8738 sound card
*SiS 6202(1MB) graphics card
* Dynalink 1456VQH-R - HCF modem
---------------------------------------
Thanx very much for your help in advance

Cheers,
me
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Tool to identify memory leak in loadable kernel module appas Programming 3 06-05-2012 09:56 AM
How do you rebuild a single kernel module? rollo Linux - General 3 01-29-2006 01:19 AM
how to add new loadable module to kernel? Mistreated Linux - Software 7 02-02-2005 10:22 AM
RedHat 9 (2.4.20-8) kernel rebuild without loadable module support RedHatDude Red Hat 1 09-09-2003 09:20 PM
loadable kernel module brajesh Linux - General 2 01-17-2003 12:54 AM


All times are GMT -5. The time now is 09:53 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration