path: root/system/OpenSnitch/README.SLACKWARE

The eBPF module requires the following kernel features:
KProbes (CONFIG_KPROBES = y)
syscalls tracing support (CONFIG_FTRACE_SYSCALLS = y)

Instructions for compiling the kernel are taken from the following website:
https://www.slackbook.org/html/system-configuration-kernel.html

Run all of the following commands below as root.

- Enter into the kernel source directory:
cd /usr/src/linux

- Back up the current .config file:
cp .config .config_backup

- Bring the kernel back to its base state:
make mrproper

- Restore the previous .config file:
cp .config_backup .config

- Configure the kernel (it will load up .config):
make menuconfig

- Enable KProbes support:
General architecture-dependent-options  --->
    [*] KProbes

- Enable syscalls tracing:
Kernel Hacking  --->
    [*] Tracers  --->
        [*] Trace Syscalls

- Save the changes before exiting.
- After exiting, prepare the source tree for compiling:
make dep
make clean

- Compile the kernel:
make bzImage

- Then compile kernel modules:
make modules

- Back up previous vmlinuz and System.map files
- Then copy the new vmlinuz and System.map files to /boot
- For example (change depending on ARCH, generic vs huge kernel, etc.):
KERNEL_VER=$(uname -r)
mv /boot/vmlinuz-generic-$KERNEL_VER /boot/vmlinuz-generic-$KERNEL_VER-old
cp arch/x86_64/boot/bzImage /boot/vmlinuz-generic-$KERNEL_VER
mv /boot/System.map-generic-$KERNEL_VER /boot/System.map-generic-$KERNEL_VER-old
cp System.map /boot/System.map-generic-$KERNEL_VER

- After finishing all of the steps above, install the kernel:
make modules_install

- To load all the tracepoints for the eBPF module (otherwise, OpenSnitch will display a warning):
- Mount debugfs at boot time
- That is, edit /etc/fstab and add the following line: 
debugfs   /sys/kernel/debug   debugfs   defaults   0   0

- Please complete any extra necessary steps on your system
(ex. recompile initrd, run /sbin/lilo, etc.)