Here we are for the fourth part of the Gentoo vServer setup series. I reached chapter 7 of the Gentoo install guide, "Configuring the Kernel". As already mentioned in the last article, I'm going to use the hardened sources because they contain some patches which make the server more secure (and which I think should be available/enabled in all kernel sources by default). You can have a look at the page of the Gentoo hardened project for more information about it.
Usually configuring a kernel the first time is a pain in the...you know. There are hundreds of settings you can switch on or off, and especially when configuring your first kernel it seems impossible to choose the right ones. I also feel like it was ages ago that I configured the kernel for my small home server. So I was looking for some guidance on how to choose the right settings and also on how to keep the kernel as small as possible.
Thanks to the help in the Gentoo forums I found http://kernel-seeds.org/. A guy called Pappy generously provides configs for all kernel flavours Gentoo offers. I downloaded the one for the x86_64 hardened sources, placed it into the source path of my kernel, /usr/src/linux-2.6.37-hardened-r7, renamed it to .config and ran make menuconfig. Since I never really understood all the settings, I took the time to read through http://kernel-seeds.org/settings-01.html. If you have the time, take a cup of tea and read through it as well. You'll get some interesting insights into what the kernel is able to do and which antique devices it still supports. But you can also go ahead without it.
What you need to do in any case is to check which drivers to enable so that your system works after you're finished installing it. Given that you're logged into the rescue Linux system, you have the lspci command at hand. Pappy describes how to use it, together with the information found in /proc/cpuinfo, to gather what you need to enable the right modules in addition to the settings already set by the kernel seed. When all that is set, it's time for make && make modules_install.
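As an added example (not from the original post or from kernel-seeds.org), here is a small POSIX shell check for that step: it takes the driver names reported by `lspci -k` on the rescue system and reports which of their Kconfig symbols are not set to y or m in the .config you are about to build. The lspci output and .config fragment are constructed sample data, and the driver-name-to-symbol mapping is an assumed heuristic with a place for known exceptions.

```shell
#!/bin/sh
# Added example: before running `make`, verify that every driver the rescue
# system is using (as reported by `lspci -k`) is enabled in the seed-derived
# .config. Sample inputs are constructed so the script runs offline.

# Constructed sample of `lspci -k` output as seen in a KVM guest.
SAMPLE_LSPCI='00:01.1 IDE interface: Intel Corporation 82371SB PIIX3 IDE
    Kernel driver in use: ata_piix
    Kernel modules: ata_piix, ata_generic
00:03.0 Ethernet controller: Red Hat, Inc. Virtio network device
    Kernel driver in use: virtio-pci'

# Constructed .config fragment: ata_generic was left disabled by mistake.
SAMPLE_CONFIG='CONFIG_ATA_PIIX=y
# CONFIG_ATA_GENERIC is not set
CONFIG_VIRTIO_PCI=y
CONFIG_VIRTIO_NET=m
CONFIG_VIRTIO_BLK=y'

# Distinct driver names from "Kernel driver in use" and "Kernel modules"
# lines of lspci -k text read on stdin.
lspci_drivers() {
  awk -F': ' '/Kernel (driver in use|modules):/ {
      gsub(/,/, " ", $2); n = split($2, d, " ")
      for (i = 1; i <= n; i++) print d[i] }' | sort -u
}

# Kconfig symbol for a driver name. Assumption: upper-casing and '-' -> '_'
# fits most drivers; exceptions you know of go in the case list.
driver_symbol() {
  case "$1" in
    ahci) echo CONFIG_SATA_AHCI ;;
    *)    printf 'CONFIG_%s\n' "$(printf '%s' "$1" | tr 'a-z' 'A-Z' | tr '-' '_')" ;;
  esac
}

# Print the symbol of every driver in $2 (lspci -k text) that is not =y or =m
# in $1 (.config text). Empty output means nothing is missing.
missing_symbols() {
  printf '%s\n' "$2" | lspci_drivers | while read -r drv; do
    sym=$(driver_symbol "$drv")
    printf '%s\n' "$1" | grep -q "^${sym}=[ym]$" || echo "$sym"
  done
}

missing_symbols "$SAMPLE_CONFIG" "$SAMPLE_LSPCI"   # prints CONFIG_ATA_GENERIC
```

On a KVM guest `lspci -k` only shows the virtio-pci bus driver; the virtio_net and virtio_blk device drivers behind it do not appear there, so add their names to the list by hand.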
The rest of the Gentoo install guide can be followed as is, and after building the kernel and configuring grub your system should be able to run on its own kernel without needing a live or rescue Linux system. Congratulations, you now have a KVM based virtual server running Gentoo that is easily kept up-to-date.
I will try to continue writing about the server setup whenever I run into problems on which I can only find little information scattered throughout the internet. So far I find the information about the tools needed to take advantage of the hardened kernel features somewhat sparse, but I might not have found the right source yet. Anyway, the server is up and running nicely, and the security tools are not the only thing to write about. The migration of the mail server is not an everyday task either.
This article is part of a series:
- Moving to a KVM based Gentoo VServer
- First steps of the Gentoo install
- Processor and MAKEOPTS