当前系统为CentOS Linux release 6.0 (Final),内核版本为2.6.32-71.el6.i686.由于最近内核出现最新的漏洞(linux kernel 又爆内存提权漏洞,2.6.39 内核无一幸免,,所以将内核升级至3.2.2最新版本。
1. 查看当前系统内核
# uname -r2 2.6.32-71.el6.i6862. 下载linux-3.2.2内核包
# cd ~# wget -c # tar jxvf linux-3.2.2.tar.bz2# cd linux-3.2.23. 配置内核并安装
# make mrproper #清除环境变量,即清除配置文件# make menuconfig #在菜单模式下选择需要编译的内核模块找到以下选中选项并选中networking support → networking options→network packet filtering framework(netfilter)
(1).Core netfilter configuration
勾中”Netfilter connection tracking support” -m state相关模块是依赖它的,不选则没有。 将netbios name service protocal support(new) 编译成模块,不然后面升级iptables后启动时会出错 勾中“Netfilter Xtables support (required for ip_tables)”(2).IP: Netfilter Configuration
将 “IPv4 connection tracking support (require for NAT)” 编译成模块。 勾中IP tables support (required for filtering/masq/NAT) 。 将 “Full NAT” 下的 “MASQUERADE target support” 和 “REDIRECT target support” 编译成模块(3).其它模块可以根据自己的需要进行选择,若不懂可以参考内核配置手册.
# make clean #确保所有东西均保持最新状态.# make bzImage #生成内核文件# make modules #编译模块# make modules_install #安装模块# make install #安装4. 编辑/etc/grub.conf文件,将default=1改为 default=0
# cat /etc/grub.conf# grub.conf generated by anaconda## Note that you do not have to rerun grub after making changes to this file# NOTICE: You have a /boot partition. This means that# all kernel and initrd paths are relative to /boot/, eg.# root (hd0,0)# kernel /vmlinuz-version ro root=/dev/mapper/VolGroup-lv_root# initrd /initrd-[generic-]version.img#boot=/dev/sdadefault=1timeout=5splashimage=(hd0,0)/grub/splash.xpm.gzhiddenmenutitle CentOS Linux (3.2.2)root (hd0,0)kernel /vmlinuz-3.2.2 ro root=/dev/mapper/VolGroup-lv_root rd_LVM_LV=VolGroup/lv_root rd_LVM_LV=VolGroup/lv_swap rd_NO_LUKS rd_NO_MD rd_NO_DM LANG=en_US.UTF-8 SYSFONT=latarcyrheb-sun16 KEYBOARDTYPE=pc KEYTABLE=us crashkernel=auto rhgb quietinitrd /initramfs-3.2.2.imgtitle centos (2.6.32-71.el6.i686)root (hd0,0)kernel /vmlinuz-2.6.32-71.el6.i686 ro root=/dev/mapper/VolGroup-lv_root rd_LVM_LV=VolGroup/lv_root rd_LVM_LV=VolGroup/lv_swap rd_NO_LUKS rd_NO_MD rd_NO_DM LANG=en_US.UTF-8 SYSFONT=latarcyrheb-sun16 KEYBOARDTYPE=pc KEYTABLE=us crashkernel=auto rhgb quietinitrd /initramfs-2.6.32-71.el6.i686.img5. 重启系统,并查看内核
# reboot# uname -r3.2.2
勇于接受自己的失败,告诉自己,这就是自己的现实,
