Beyond the Stock Kernel: Patching and Building a Kernel for Security and Speed

Steve Suehring, Technical Architect, ICG Media, LLC

Track: Linux
Date: Wednesday, July 26
Time: 10:45am - 11:30am
Location: D137-138

Every major Linux distribution ships its own kernel, sometimes referred to as a "stock" kernel, which is included when the system is installed. This kernel is often generic, meant to serve a wide range of hardware and installations, and so carries limited optimizations. Compiling a custom kernel can frequently provide additional enhancements and security.

This presentation examines the reasons why an administrator might want to compile their own kernel. The use of monolithic versus modular kernels for server systems is discussed, and enhancements such as grsecurity that can be patched into the kernel are also featured. The pitfalls and drawbacks of compiling a custom kernel are also examined, as these can play a central role in whether or not a system is supported by a vendor.

The presentation will feature tips for identifying hardware in a running system, the process for obtaining and compiling a kernel, and finally the installation of a custom kernel. Boot loaders and troubleshooting are also examined.