Kernel Upgrade/Patch

NOTE: This part is only needed when you are planning to use multiple honeypots along with IPVS in your setup. If you are only running honeypots on a single server, you can skip this part.

To solve the Martian “problem” that comes when using IP: Virtual Server to integrate Argos in the IDS system the kernel needs to be patched.

To solve the source based routing limit the kernel needs to be upgraded to 2.6.19 or higher.


apt-get install kernel-package libncurses5-dev fakeroot wget bzip2
cd /usr/src

Download the newest kernel sources at

tar xjf linux-2.6.21.tar.bz2
cd linux-2.6.21

Now to configure the kernel options:

make menuconfig

Load the current kernel configuration. Choose 'Load an Alternate Configuration File' in the menu and fill in as location '/boot/' in.

Now to integrate the IP: Virtual Server in the kernel. In the kernel 2.6.21 the options are located in: Networking > Networking support > Networking options > IP: Virtual Server Configuration

Mark all but debugging as 'built in', see the following image.

If there's nothing else that has to be changed choose “Exit' and save the configuration.

Note: If you are using iptables think about marking 'conntrack' in the netfilter configuration.


Download the corresponding patch file at: Download the version that's suitable for the kernel version that will be installed. In this case it will be 'forward_shared-2.6.21-2.diff' file.

Rename the file extension to .diff.

cd /usr/src/linux-2.6.21

Install the patch:

cat forward_shared-2.6.21-2.diff | patch -p1

Continue with:

make-kpkg clean
fakeroot make-kpkg --initrd --revision=lvs.dr.patch.1.0 kernel_image

Now the dpkg package is ready install with:

cd /usr/src
dpkg -i linux-image-2.6.21_lvs.dr.patch.1.0_i386.deb

Reboot the tunnel server and check if the patch is applied succesfully:

uname -a
    Linux director 2.6.21 #1 [...] i686 GNU/Linux
cat /proc/sys/net/ipv4/conf/all/forward_shared

If the last command gives the error: 'No such file or directory' the patch isn't applied succesfully.

The kernel is now upgraded and succesfully patched

kb/patching_kernel.txt · Last modified: 2012/07/12 11:27 (external edit)
Recent changes RSS feed Creative Commons License Donate Powered by PHP Valid XHTML 1.0 Valid CSS Driven by DokuWiki