A Guide to OpenBSD Custom Kernel Compilation :: Hack In The Box

A Guide to OpenBSD Custom Kernel Compilation
Posted by L33tdawg on Tuesday, September 18, 2001 - 10:55 PM (Reads: 8190)

Source:

Note: This article first appeared over at http://www.openbsddiary.org and has been republished here with permission from the author.

By:Deekayen

I booted up my new OpenBSD system and one of the first things I did was type top to figure out what was running, how much processor it was taking, and how much memory I had available while the machine was idling. With 24 mb of ram, I had about 4 mb free which I didn't find acceptable. The first thing I did was try to figure out how to cut that down and the answer was to compile my own kernel.

The default kernel in OpenBSD is called GENERIC. There are many references to it all over the official website. I couldn't find the kernel source for OpenBSD anywhere on my system so I found it on the OpenBSD site at:

ftp://ftp.openbsd.org/pub/OpenBSD/2.9/srcsys.tar.gz

I downloaded it to /root (because that's what I was in) and did:

#: tar -xzvf srcsys.tar.gz
#: mv sys /usr/src
#: cd /usr/src/sys/arch/i386/conf

That got me to where I need to configure my new kernel. It's also where the GENERIC kernel configuration file lives. If you want to just practice compiling a kernel and not get deep into configuration, you type:

#: config GENERIC
#: cd ../compile/GENERIC
#: make depend && make
#: mv /bsd /bsd-original
#: cp bsd /

That will compile the same kernel that was installed by default. Note that if you're not running a i686 system, you'll need to edit the GENERIC file first and change the lines at the very top to just have the processer architecture of your system. In my configuration I just have I486_CPU at the top with the others commented out since I only have a 486 to work with.

Once you have the bsd kernel file moved to the root directory, you can reboot with shutdown -r now or simply reboot. The former is a little cleaner so your system can be sure to run any shutdown scripts.

If your system won't boot for some reason with the new kernel, at the boot> prompt, type bsd-original instead of letting it load bsd. That will load the kernel that was in the default installation that you made a copy of before moving in the newly compiled kernel.

I want to set my 486 up as a gateway/router/nat thing and free up a lot of memory on my system, so I decided not to use the GENERIC kernel file. I put together a different configuration that only uses about 8 mb of memory and enables a lot of features needed for routing and filtering traffic on my network. My configuration is at:

TUNED

Put the TUNED file in the same directory as the GENERIC.

#: mv TUNED /usr/src/sys/arch/i386/conf

Then tell the system to use TUNED as the configuration file:

#: cd /usr/src/sys/arch/i386/conf
#: conf TUNED

Then you should get a message. If it's not an error, you're ready to go:

#: cd ../compile/TUNED
#: make depend && make

When that's done, move the kernel to the root directory and reboot:

#: mv /bsd /bsd-original
#: mv bsd /
#: shutdown -r now

If it won't boot the new kernel, don't panic, you saved the old one (if you've done everything this said). When the computer is booting up and just before it spits out the kernel output, at the boot prompt type:

boot> /bsd-original

Of course your mileage may vary. There are more details on booting your backup kernel from O'Reilly.

Then I edited /etc/rc.conf and turned on ipfilter and ipnat. They're about 2/3 of the way down the file. To turn on the encrypted swapping, I edited vm.swapcrypt.enable in /etc/sysctl.conf. While I was in there I turned on net.inet.ipforwarding too to prepare for my network filtering and nat scripts.

1.) Using Secure Protocols - How to setup SSL wrapped POP - madirish
2.) Intranet Security 101 - orange
3.) Revelation 7:11 - biatch0
4.) A Guide to OpenBSD Custom Kernel Compilation - deekayen
5.) streamyx - You want it, but you can't have it, cause we can't do it - L33tdawg
6.) Ogg Vorbis - A brief Look - Yeah

(

)