Question: how do you update the kernel after hardening?

Question

Question: how do you update the kernel after hardening?

Thumpermat opened this issue 3 years ago · 4 comments

I used your packer to create a hardened ubuntu server. Now there is a linux kernel update, but because of the hardening the server doesn't get updated with the new kernel.

Which steps should I do in order to update the linux kernel and then harden the system again?

Looking forward to your reply.

Answer 1 · 2021-10-22T20:25:40.000Z

Hi again @Thumpermat,
See konstruktoid/hardened-images#3 regarding a possible workaround for the kernel installation issue.

My workflow is basically:

Create initial image (using the Packer code) and use that as a template
Install and configure wanted services on the server generated from the above template
Maintain and update the server using e.g Ansible

Answer 2 · 2021-10-22T21:07:22.000Z

So you mean that by adding the /boot/grub/grub.cfg and updating grub, it will also update the kernel?

Answer 3 · 2021-10-22T21:13:48.000Z

Create /boot/grub/ if missing and then run update-grub.
There should the be no issues upgrading the kernel after that.

Answer 4 · 2021-10-22T21:33:39.000Z

Thank you very much.