November 2, 2017 at 13:33Kali Linux: kernel assembly
- Transfer
In today's article, we publish a translation of the next fragment of the book “ Kali Linux Revealed ”. From it you will learn how to modify and build your own Linux kernel. The second section of chapter nine is devoted to this topic.
The standard Kali kernels include maximum features and all available driver sets. This is done so that the system can work on as many existing hardware configurations as possible. That is why some users prefer to recompile the kernel so that it has only what they need. There are two reasons for this step. The first is the optimization of memory consumption, since all kernel code, even if it is not used, takes up physical memory. Since statically compiled kernel fragments never move to the swap area, a general decrease in system performance will occur due to the presence of built-in drivers and functions that are never used. The second reason is
A recompilation of the kernel is also necessary if you need to take advantage of certain features that are available only in the form of patches (and are not included in the standard version of the kernel).
Debian and Kali support the kernel in package form, which is not surprising, but it differs from the traditional approach to compiling and installing the kernel. Since the kernel is under the control of the package management system, it can be easily removed or deployed on several machines. Moreover, the scripts associated with these packages automate interactions with the operating system loader and generator
The official Linux source code contains everything you need to build a Debian kernel package, but you must first install the package
To install the above packages, use the following command:
Since the source code for the Linux kernel is available as a package, you can download them by installing the package
Below we will consider working with the Linux kernel version 4.9, but our examples, of course, can be adapted to the version of the kernel you need.
Citing this example, we assume that a binary package is installed
The next step is to configure the kernel to suit your needs. The exact procedure depends on the goals of the person who builds the new kernel.
The build process depends on the kernel configuration file. In most cases, it makes sense to deviate as little as possible from the standard Kali configuration file, which, as with all Linux distributions, is installed in the directory
In addition, since there is a standard kernel configuration in
In the event that you do not need configuration changes, here you can stop and go to section 9.2.4, “Compiling and Building the Package”. If you need to make changes, or you decide to reconfigure everything from scratch, then you will need to do the settings. In the source folder, there are special tools for configuring the kernel. To use them, you need a command of the form
Command
Other tools have similar capabilities, but they are designed as graphical applications. For example, the team
After the kernel configuration is complete, we need a simple command
The value
In order to use the assembled kernel, there is only one step left, which consists in installing the required packages using the command
Today we talked about building our own kernel for Kali Linux. This process involves loading the source code, performing the necessary modifications, compiling, and, in fact, building. After that, the new kernel can be installed and used. Next time we’ll talk about creating Live images that can be used to boot the system from optical media and flash drives.
Dear readers! If you were building your own Linux kernels, please share your experience.
Previous parts:
→ Part 1. Kali Linux: security policy, protecting computers and network services
→ Part 2. Kali Linux: filtering traffic using netfilter
→ Part 3. Kali Linux: monitoring and logging
→ Part 4.Kali Linux: exercises to protect and monitor the system
→ Part 5. Kali Linux: assessment of system security
→ Part 6. Kali Linux: types of checks of information systems
→ Part 7. Kali Linux: formalization of research and types of attacks
→ Part 8. Kali Linux: control security research questions
→ Part 9. Kali Linux: package modification
9.2. Recompiling Linux Kernel
The standard Kali kernels include maximum features and all available driver sets. This is done so that the system can work on as many existing hardware configurations as possible. That is why some users prefer to recompile the kernel so that it has only what they need. There are two reasons for this step. The first is the optimization of memory consumption, since all kernel code, even if it is not used, takes up physical memory. Since statically compiled kernel fragments never move to the swap area, a general decrease in system performance will occur due to the presence of built-in drivers and functions that are never used. The second reason is
▍ Build your own kernel and update the system
If you decide to build your own core, you must understand that the responsibility for the consequences lies with you. The Kali team will not be able to provide security updates for your kernel. Working with the kernel provided by Kali, you also use updates prepared by the Debian Project.
A recompilation of the kernel is also necessary if you need to take advantage of certain features that are available only in the form of patches (and are not included in the standard version of the kernel).
▍About The Debian Kernel Handbook
The Debian Kernel Team keeps the The Debian Kernel Handbook up-to-date (it is also available as a packagedebian-kernel-handbook). This is detailed documentation describing most of the kernel related tasks and how official Debian kernel packages are supported. If you need more information on building your own kernel, The Debian Kernel Handbook is worth a look first.
9.2.1. Preparation and prerequisites
Debian and Kali support the kernel in package form, which is not surprising, but it differs from the traditional approach to compiling and installing the kernel. Since the kernel is under the control of the package management system, it can be easily removed or deployed on several machines. Moreover, the scripts associated with these packages automate interactions with the operating system loader and generator
initrd. The official Linux source code contains everything you need to build a Debian kernel package, but you must first install the package
build-essentialin order to provide tools for building Debian packages. Moreover, a kernel package is required to configure the kernel libncurses5-dev. Finally, the package fakerootallows you to create Debian packages without administrative privileges.To install the above packages, use the following command:
# apt install build-essential libncurses5-dev fakeroot9.2.2. Download Source
Since the source code for the Linux kernel is available as a package, you can download them by installing the package
linux-source-version. Using the command, apt-cache search ^linux-sourceyou can list the latest Kali kernel versions. Please note that the source code contained in these packages is different from what Linus Torvalds and the kernel developers publish . Like all distributions, Debian and Kali apply a number of patches, which may or may not be present in the official version of Linux. These modifications include backports of patches, functions, and drivers from newer kernel versions, new functions that are not yet fully integrated into the official Linux code, and sometimes even changes specific to Debian and Kali.Below we will consider working with the Linux kernel version 4.9, but our examples, of course, can be adapted to the version of the kernel you need.
Citing this example, we assume that a binary package is installed
linux-source-4.9. Please note that we install the binary package containing the official source code, but do not download the package with the Kali source code called linux.# apt install linux-source-4.9
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
bc libreadline7
Suggested packages:
libncurses-dev | ncurses-dev libqt4-dev
The following NEW packages will be installed:
bc libreadline7 linux-source-4.9
0 upgraded, 3 newly installed, 0 to remove and 0 not upgraded.
Need to get 95.4 MB of archives.
After this operation, 95.8 MB of additional disk space will be used.
Do you want to continue? [Y/n] y
[...]
# ls /usr/src
linux-config-4.9 linux-patch-4.9-rt.patch.xz linux-source-4.9.tar.xz9.2.3. Kernel tuning
The next step is to configure the kernel to suit your needs. The exact procedure depends on the goals of the person who builds the new kernel.
The build process depends on the kernel configuration file. In most cases, it makes sense to deviate as little as possible from the standard Kali configuration file, which, as with all Linux distributions, is installed in the directory
/boot. In this case, instead of reconfiguring everything from scratch, just make a copy of the file /boot/config-version. The version should be exactly the same as the version of the kernel currently being used, which can be found out using the command uname -r. Place the copy in the file .configlocated in the directory containing the kernel source code.$ cp /boot/config-4.9.0-kali1-amd64 ~/kernel/linux-source-4.9/.configIn addition, since there is a standard kernel configuration in
arch/arch/configs/*_defconfig, you can put the selected configuration where you need it, using a command like make x86_64_defconfig(in the case of a 64-bit PC), or make i386_defconfig(for a 32-bit computer). In the event that you do not need configuration changes, here you can stop and go to section 9.2.4, “Compiling and Building the Package”. If you need to make changes, or you decide to reconfigure everything from scratch, then you will need to do the settings. In the source folder, there are special tools for configuring the kernel. To use them, you need a command of the form
make target, where target — is the name of one of the tools described below. Command
make menuconfigcompiles and runs a text interface designed to configure the kernel (this is where the package is needed libncurses5-dev), which gives access to many kernel settings presented in a hierarchical structure. Pressing the space bar allows you to change the value of the selected option. Press Enter to “click” on the buttons that are selected at the bottom of the screen. The button Selectat the bottom of the screen is used to go to the selected submenu. The button Exitcloses the current screen and moves up the hierarchy. The button Helpdisplays more detailed information about the selected option. Arrow keys allow you to navigate through the list of options and on-screen buttons. To exit the configuration program, select the commandExitfrom the main menu. Then the program will offer to save the changes made, do it if everything suits you. Other tools have similar capabilities, but they are designed as graphical applications. For example, the team
make xconfiguses a graphical interface based on Qt, the team make gconfiguses GTK +. The first of these two commands requires availability libqt4-dev, while the second depends on libglade2-devand libgtk2.0-dev.▍Working with obsolete .config files
When you use a file.configthat is generated for a different (usually older) version of the kernel, you will need to update it as well. This can be done with the help of a commandmake oldconfigthat, in an interactive mode, will ask a number of questions about new configuration options. If you want to use the default answers to all questions, you can use the commandmake olddefconfig. The commandmake oldnoconfigallows you to automatically answer negatively to all questions.
9.2.4. Compiling and building a package
▍ Cleaning before rebuilding
If you have already compiled the kernel in the directory you are working with and want to rebuild everything from scratch (for example, because you have significantly changed the kernel configuration), you need to run the commandmake cleanin order to delete the compiled files. The commandmake distcleandeletes even more generated files, including the file.config. Therefore, before the cleanup operation, make a backup copy of this file just in case.
After the kernel configuration is complete, we need a simple command
make deb-pkg. It allows you to generate up to five Debian packages in a standard format .deb. These are the following files:- The file
linux-image-versioncontains a kernel image and corresponding modules. - The file
linux-headers-versioncontains the header files required to build external modules. - The file
linux-firmware-image-versionincludes firmware files that some drivers need (this package may not be available if you are building the kernel from sources taken from Debian or Kali). - The file
linux-image-version-dbgcontains debugging symbols for the kernel image and its modules. - The file
linux-libc-devincludes headers related to some user space libraries, such as GNU C (glibc).
The value
versionin the file name is given as a combination of the official version (as defined in the variables VERSION, PATCHLEVEL, SUBLEVELand EXTRAVERSIONin Makefile) configuration option LOCALVERSIONand the environment variable LOCALVERSION. When generating a package version, the same version line is used with the revision number attached to it, which is regularly increased (and stored in .version), unless you have redefined this number using an environment variable KDEB_PKGVERSION.$ make deb-pkg LOCALVERSION=-custom KDEB_PKGVERSION=$(make kernelversion)-1
[...]
$ ls ../*.deb
../linux-headers-4.9.0-kali1-custom_4.9.2-1_amd64.deb
../linux-image-4.9.0-kali1-custom_4.9.2-1_amd64.deb
../linux-image-4.9.0-kali1-custom-dbg_4.9.2-1_amd64.deb
../linux-libc-dev_4.9.2-1_amd64.debIn order to use the assembled kernel, there is only one step left, which consists in installing the required packages using the command
dpkg -i file.deb. Here you need a package linux-image. If there are external kernel modules for assembly, you will need to install the package linux-headers. This happens if some packages are installed *-dkms(you can verify this using the command dpkg -l "*-dkms" | grep ^ii). Other packages are not needed in most cases.Summary
Today we talked about building our own kernel for Kali Linux. This process involves loading the source code, performing the necessary modifications, compiling, and, in fact, building. After that, the new kernel can be installed and used. Next time we’ll talk about creating Live images that can be used to boot the system from optical media and flash drives.
Dear readers! If you were building your own Linux kernels, please share your experience.
Previous parts:
→ Part 1. Kali Linux: security policy, protecting computers and network services
→ Part 2. Kali Linux: filtering traffic using netfilter
→ Part 3. Kali Linux: monitoring and logging
→ Part 4.Kali Linux: exercises to protect and monitor the system
→ Part 5. Kali Linux: assessment of system security
→ Part 6. Kali Linux: types of checks of information systems
→ Part 7. Kali Linux: formalization of research and types of attacks
→ Part 8. Kali Linux: control security research questions
→ Part 9. Kali Linux: package modification