grsec kernel = no tcp traffic

Posted by dragon2611, 01-11-2008, 11:54 PM
Tried building a grsec patched kernel as I don't fancy getting that rootkit that's going around for a second time. It was linux-2.6.23.9, which was the latest one there was a grsec patch for. Compiled OK as a monolithic kernel, however on reboot I was not able to get anything but a ping from the server. Figured that the kernel had panicked and not booted. However, the tech who rebooted the server for me and selected the other kernel (a standard CentOS kernel) said that the system had booted but was not responding to TCP traffic. So it's either a case of 1) I missed something important when configuring the kernel, or 2) perhaps a problem with APF; it does warn that enabling Monolithic kernel support is unsupported in the config file (although it seems to work fine with the CentOS stock kernel)... I'm wondering what the best next course of action is. I'd quite like to be able to run a kernel that doesn't allow write access to /dev/kmem if possible.

Posted by jon-f, 01-12-2008, 06:39 AM
Hey, they changed up the netfilter modules again, it looks like. I had a similar problem with CSF. Would just completely lock a box down if you managed to get the firewall to start in the first place. Using 2.6.29-grsec here. Seems to be the most stable version I found out of the test patches.

Posted by dragon2611, 01-12-2008, 07:49 AM
Is that 2.6.16.29?

Posted by Scott.Mc, 01-12-2008, 07:47 PM
What is the error they get? Whoever compiled your kernel may have forgotten the network card, or your firewall is causing the network traffic not to respond because they use rules incompatible with the iptables modules loaded (a common occurrence of this is Plesk's psa-firewall, which needs Full NAT support in the kernel).

Posted by dragon2611, 01-12-2008, 08:38 PM
I compiled it and it's entirely possible that I forgot something. The machine was responding to a ping but not to anything else. I dare say I messed something up somewhere, but any pointers into recompiling it?

Posted by Scott.Mc, 01-12-2008, 09:05 PM
If it was responding to pings then the server booted with the network. If you couldn't access it then it's likely either daemons didn't start or your firewall filtered everything. The logs should show that.

Posted by dragon2611, 01-13-2008, 07:01 AM
Do you think it will help if I shove APF into testing mode? At least then I might not have to keep asking the datacenter for reboots while I try to find/fix the problem. Depends if it unloads itself OK, I guess.

Posted by dragon2611, 01-13-2008, 10:15 AM
Well, I got rid of APF in the end and put CSF on there, as I find it easier to work with. It gave me a nice output when it started which told me which rules were causing problems. Took a couple of recompiles for me to get all the required options built into netfilter for the firewall to work properly, but I got there in the end. Didn't enable most of the GRsec options, but I did enable the one to stop writing to /dev/kmem, so hopefully that's done what I wanted. It's now running 2.6.23.9-grsec, which was the latest kernel I could get a grsec patch for.
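
The fix the thread arrives at (recompiling until every netfilter option the firewall needs is built into the monolithic kernel) can be checked against the `.config` before rebooting. The script below is an added example, not something posted in the thread; the option list is an assumption covering a typical stateful iptables ruleset plus the grsecurity /dev/kmem option, not the documented requirements of APF or CSF.

```shell
#!/bin/sh
# Added example: audit a kernel .config before booting a custom build.
# REQUIRED is an assumed list (stateful filtering, logging, NAT, and the
# grsecurity /dev/kmem write protection); adjust it to your firewall.
REQUIRED="CONFIG_NETFILTER CONFIG_NF_CONNTRACK CONFIG_NF_CONNTRACK_IPV4
CONFIG_NETFILTER_XTABLES CONFIG_NETFILTER_XT_MATCH_STATE
CONFIG_NETFILTER_XT_MATCH_LIMIT CONFIG_IP_NF_IPTABLES CONFIG_IP_NF_FILTER
CONFIG_IP_NF_TARGET_REJECT CONFIG_IP_NF_TARGET_LOG CONFIG_NF_NAT
CONFIG_GRKERNSEC_KMEM"

# Print the state of one option: y, m, or n (absent or "is not set").
opt_value() {   # usage: opt_value CONFIG_FOO /path/to/.config
    v=$(sed -n "s/^$1=\([ym]\)\$/\1/p" "$2" | head -n 1)
    echo "${v:-n}"
}

# Print one line per problem; return 0 only when nothing is wrong.
audit_config() {   # usage: audit_config /path/to/.config
    cfg=$1
    bad=0
    modular=$(opt_value CONFIG_MODULES "$cfg")
    for opt in $REQUIRED; do
        case $(opt_value "$opt" "$cfg") in
            y) ;;
            m)  # =m is only usable if the kernel can load modules at all
                if [ "$modular" != y ]; then
                    echo "$opt=m but CONFIG_MODULES is off"
                    bad=1
                fi ;;
            *)  echo "$opt missing"
                bad=1 ;;
        esac
    done
    return $bad
}
```

Source the file and run `audit_config /usr/src/linux/.config` (path is an example) after `make menuconfig`; any line it prints names an option to enable before the next build.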
