From 1e24109699127f8526388dc7584baccccb8758c1 Mon Sep 17 00:00:00 2001 From: Dinko Korunic Date: Fri, 19 Feb 2010 16:37:00 +0100 Subject: [PATCH] - nova inacica paketa koja prestaje ovisiti o ExecShield ojacanoj verziji, te ovisi iskljucivo o cistom Debian paketu --- README.CARNet | 71 +++++------------------------------------------------- debian/changelog | 7 ++++++ debian/control | 6 ++--- debian/postinst | 3 +-- 4 files changed, 17 insertions(+), 70 deletions(-) diff --git a/README.CARNet b/README.CARNet index 104e2d3..f3a2641 100644 --- a/README.CARNet +++ b/README.CARNet @@ -1,76 +1,17 @@ kernel-2.6-cn ~~~~~~~~~~~~~ -Ovo je virtualni paket koji instalira odgovarajucu okolinu za CARNet -Debian kernel izgradjen iz standardnog Debian Etchnhalf kernela, ali sa -ExecShield i Layer 7 netfilterom. Takodjer, vise se ne koristi initrd vec -initramfs tehnika, odnosno ne koristi se vise ni LILO vec GRUB kao glavni -loader za Linux kernel. +Ovo je virtualni paket koji modificira tipicni Debian posluzitelj sa +razlicitim sigurnosnim postavkama. -Vise o Etchnhalf Debian izdanju mozete procitati na: - - http://www.debian.org/releases/etch/etchnhalf - -ExecShield je dodatni nivo zastite cija je glavna duznost onemoguciti -izvrsavanje koda sa stranica koje su oznacene tako: - - http://en.wikipedia.org/wiki/Exec_Shield - -Sam patch je preuzet iz Fedora CVS razvojnog stabla: - - http://cvs.fedora.redhat.com/viewvc/rpms/kernel/F-9/linux-2.6-execshield.patch - -Dodatak je i Layer 7 Netfilter modul koji omogucava matchiranje odredjenih -aplikativnih protokola sa boljom ili losijom pouzdanoscu. Stranica -projekta je: - - http://l7-filter.sourceforge.net/ - -Popis podrzanog hardvera: -------------------------- -Memorija: do 64GB (bigmem odnosno PAE podrska) - -Procesori: IA32 (pocevsi od PIII procesora), x86_64 ukljucno sa EM64T - procesorima PIII i visi (ali ne IA-64) u SMP i UP nacinu rada - -Ploce: sve standardne PC ploce za IA32 ili x86_64 arhitekturu - -IDE kontroleri: AMD AMD74xx, CMD64x, Highpoint HPT366, Intel PIIX/ICH, IT821x, - Promise PDC202xx, ServerWorks, Silicon Image, SIS513, VIA82Cxxx, - genericki PCI IDE, ITE 821x, Pacific Digital Corporation ADMA, - Serverworks OSB4/CSB5/CSB6, SiI, SiS, VIA, Marvell - -SCSI i SAS kontroleri: 3ware 9000, Dell PERC2, 2/Si, 3/Si, 3/Di, Adaptec - Advanced Raid Products, HP NetRAID-4M, IBM ServeRAID, ICP SCSI, - Adaptec AIC77xx/78xx/790x/94xx, HP Controller CCISS SA5xxx/SA6xxx, - Adaptec I2O, IBM Power RAID, IBM ServeRAID, Emulex LightPulse Fibre - Channel, LSI Logic MegaRAID, Fusion MPT, Qlogic ISP (QLA - 1x80/1x160), QLogic Fibre Channel, NCR/Symbios/LSI 8xx/1010, - FlashPoint, Marvell - -mrezne kartice: 3Com 3c59x/3c9xx, RealTek RTL-8139, Broadcom NetXtreme II - BCM5706/5708, Intel PRO/100, NE2000, PCNet32/PCnetPCI, RealTek - RTL-8169, SiS sis190, SiS 900, SysKonnect, Digital 21x4x Tulip, - 3Com Typhoon (3C990, 3CR990, itd), VIA Rhine, VIA Velocity, QLogic - QLA3xxx, Marvell Yukon 2/SysKonnect, Attansic L1 - -SATA kontroleri: AHCI, Marvell, nVidia, Promise ATA TX2/TX4/TX4000, Pacific - Digital Corporation QStor, Silicon Image, Silicon Image 3124/3132, - Silicon Integrated Systems, K2, Promise, ULi, VIA, Vitesse VSC7174, - Initio 162x - -ostalo: IPv4 i IPv6 Netfilter moduli, QoS pravila, raznorazni - filesistemi (NFSv3 client i server, XFS, Ext2/3, Minix), VLAN - 802.1q, bridge 802.1d, USB EHCI/UHCI/OHCI, InfiniBand, SoftRAID - (append, MD 0/1/4/5/6), LVM2, IPMI, i6300ESB watchdog, i8xx/Intel TCO - watchdog, DeviceMapper, IEEE 1394 FireWire, KVM Intel/AMD, SATA/SAS - hubovi/ekspanderi itd. +Paket je nekad donosio Grsecurity, ExecShield i Layer7 dodatke, no sada +je iskljucivo nadogradnja (u vidu postavki) na defaultni Debianov kernel. Datoteke koje se backupiraju: ----------------------------- /etc/lilo.conf -> /var/backups /etc/sysctl.conf -> /var/backups -//etc/kernel-img.conf -> /var/backups +/etc/kernel-img.conf -> /var/backups Datoteke koje se mijenjaju uvjetno ili bezuvjetno: -------------------------------------------------- @@ -89,4 +30,4 @@ Datoteke koje se mijenjaju uvjetno ili bezuvjetno: /vmlinuz /vmlinuz.old /boot/vmlinuz.plain -> eliminacija starih i zaostalih symlinkova - -- Dinko Korunic Fri, 13 Feb 2009 15:14:11 +0100 + -- Dinko Korunic Fri, 19 Feb 2010 16:34:30 +0100 diff --git a/debian/changelog b/debian/changelog index 22f3afb..d7656bb 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,10 @@ +kernel-2.6-cn (3:2.6.26-4) stable; urgency=low + + * nova inacica paketa koja prestaje ovisiti o ExecShield ojacanoj verziji, + te ovisi iskljucivo o cistom Debian paketu + + -- Dinko Korunic Wed, 17 Feb 2010 18:43:22 +0100 + kernel-2.6-cn (3:2.6.26-3) stable; urgency=low * Grub shell workaroundovi (divertovi) za ExecShield (grub i grub-probe) diff --git a/debian/control b/debian/control index e582cd5..09b717a 100644 --- a/debian/control +++ b/debian/control @@ -8,9 +8,9 @@ Standards-Version: 3.7.2 Package: kernel-2.6-cn Architecture: all Section: base -Depends: grub (>= 0.97-47lenny2), procps (>= 1:3.2.7-11), udev (>= 0.125-7+lenny1), perl-base, carnet-tools-cn (>= 2.8.2), module-init-tools (>= 3.4-1), mount (>= 2.13.1.1-1), e2fsprogs (>= 1.41.3-1), microcode.ctl (>= 1.17-9), irqbalance (>= 0.55-2.4lenny1), mdadm (>= 2.6.7.2-1), firmware-bnx2 (>= 0.14+lenny1), linux-image-2.6.26-2+cn1-686-bigmem (>= 2.6.26-15lenny3+cn1) | linux-image-2.6.26-2+cn1-amd64 (>= 2.6.26-15lenny3+cn1) -Conflicts: iplogger, kernel-cn, kernel-2.4-cn (<< 2.4.33-2) -Replaces: kernel-cn, kernel-2.4-cn +Depends: grub (>= 0.97-47lenny2), procps (>= 1:3.2.7-11), udev (>= 0.125-7+lenny1), perl-base, carnet-tools-cn (>= 2.8.2), module-init-tools (>= 3.4-1), mount (>= 2.13.1.1-1), e2fsprogs (>= 1.41.3-1), microcode.ctl (>= 1.17-9), irqbalance (>= 0.55-2.4lenny1), mdadm (>= 2.6.7.2-1), firmware-bnx2 (>= 0.14+lenny1), linux-image-2.6.26-2-686-bigmem | linux-image-2.6.26-2-amd64 +Conflicts: iplogger, kernel-cn, kernel-2.4-cn (<< 2.4.33-2), linux-image-2.6.26-2+cn1-686-bigmem, linux-image-2.6.26-2+cn1-amd64 +Replaces: kernel-cn, kernel-2.4-cn, linux-image-2.6.26-2+cn1-686-bigmem, linux-image-2.6.26-2+cn1-amd64 Provides: kernel-cn Recommends: memtest86+, linux-headers-2.6.26-2+cn1-686-bigmem | linux-headers-2.6.26-2+cn1-amd64 Description: Linux kernel virtual package for CARNet Linux servers diff --git a/debian/postinst b/debian/postinst index 3b3d622..2167bed 100755 --- a/debian/postinst +++ b/debian/postinst @@ -311,7 +311,6 @@ fi # default kernel parameters rm -f /etc/sysctl.conf.$$ cat > /etc/sysctl.conf.$$ <> /etc/sysctl.conf.$$ fi -- 1.7.10.4