|Securing and Optimizing Linux: RedHat Edition -A Hands on Guide
|Chapter 7. Configuring and Building a Secure, Optimized Kernel
After the reboot of your Linux server, you should have now a system with an upgraded kernel. Therefore, it's time is to make a new rescue image with the new kernel in case of future emergencies. To do this, follow the simple step below; Login as root, and insert a new floppy, then execute the following command:
[root@deep] /#mkbootdisk --device /dev/fd0 2.2.14
Insert a disk in /dev/fd0. Any information on the disk will be lost. Press <Enter> --device ^C to abort:
: The mkbootdisk program runs only on modularized kernel. So you can't use it on a monolithic kernel; instead create an emergency boot floppy as shown below if you have a problem with your system in the future.
Because it is possible to create a rescue floppy only on modularized kernel, we must find another way to boot our Linux system if the Linux kernel on the hard disk is damaged. This is possible with a Linux emergency boot floppy disk. You should immediately create it after you successfully start your system and log in as root.
To create the emergency boot floppy disk, follow these steps:
Insert a floppy disk and format it with the following command:
[root@deep] /#fdformat /dev/fd0H1440
Double-sided, 80 tracks, 18 sec/track. Total capacity 1440 kB. Formatting ... done Verifying ... done
Copy the file vmlinuz from the /boot directory to the floppy disk:
[root@deep] /#cp /boot/vmlinuz /dev/fd0
The vmlinuz file is a symbolic link that point to the real Linux kernel.
cp: overwrite '/dev/fd0'? y
Determine the kernel's root device with the following command:
[root@deep] /#rdev /dev/sda12 /
Set the kernel's root device with the following command:
[root@deep] /#rdev /dev/fd0 /dev/sda12
5.Mark the root device as read-only with the following command:
[root@deep] /#rdev -R /dev/fd0 1
Now put the boot floppy in the drive A: and reboot your system with the following command:
Update your /dev entries:If you have added new devices to your system or have done recently a major kernel upgrade (a major kernel upgrade is for example when you pass from kernel version 2.2.9 to 2.2.15 directly), it may be important to update your /dev entries to avoid problems related to missing devices. We can accomplish this task with the MAKEDEV script utility that scan the /dev directory where all devices that interfaces with drivers in the kernel are kept. A special option named update allow the MAKEDEV utility to create new devices that you have configured in your kernel and delete those which are no longer configured.To update your /dev entries, execute the following commands:
[root@deep] /#cd /dev [root@deep ] /dev#./MAKEDEV update