kernel config -- Re: Debian Investigation Report after Server Compromises
hi ya benedict
On Wed, 3 Dec 2003, Benedict Verheyen wrote:
> > I'm one of those who's got all his systems on safe kernels, even if this
> > means I don't have full use. NICs on one box aren't supported by
> > 2.4.18, and building 2.4.23 is turning into a bitch.
>
> Is there a page anywhere (if not, there should be one) or info on what
> type of patches are added to a debianized kernel and where to find them.
i think you can do the following to see what your kernel does
uname -a
- lets say it says 2.4.22-foo
to get a list of modules it supports
ls -la /lib/modules/2.4.22-foo
to get a list of options built into the kernel
cd /usr/local/src
wget kernel.org/.....2.4.22.tar.gz
tar zxvfp 2.4.22.tar.gz
cd linux-2.4.22 ( virgin kernel from kernel.org )
make xconfig
- save it's default .. do NOT change anything
mv .config .config.defaults
make oldconfig
- should create a .conf of your kernel
diff .config .config.defaults
- to see the differences
- dont know if that still works.. havent tried it in years..
- its 100x easier/faster to make your own kernel than to figure out
what they did to it
> 1. Either this info just isn't there because you don't need cramfs
> for an initrd
initrd is NOT needed ..
- not needed if all the options are built intot he kernel
- not needed if your / is under the 1024 cyl boundry
initrd is used primarily to boot your system, when the kernel
you're trying to use doesnt have all the options defined
( you cant read the scsi disk till you have a kernel to read
( the kernel off the scsi disk .. the typical catch-22 problem
- build the scsi drivers into your custom kernel and boot
it and that problem goes away
c ya
alvin
Reply to: