From 7e21c0085fec669979039856ea3754ac9573bbf3 Mon Sep 17 00:00:00 2001 From: Silvino Silva Date: Sat, 10 Mar 2018 14:55:29 +0000 Subject: core linux better config documentation --- core/index.html | 283 +++++++++++---------- core/linux.html | 731 ++++++++++++++++++++++++++++++++++++++++++++++--------- core/reboot.html | 14 +- 3 files changed, 786 insertions(+), 242 deletions(-) (limited to 'core') diff --git a/core/index.html b/core/index.html index 217ae01..7818109 100644 --- a/core/index.html +++ b/core/index.html @@ -1,139 +1,162 @@ - - c9 Core OS + + c9 Core OS - Documentation Index - -

c9 Core OS

- -

c9 Core OS covers installation and configuration of - basic functionality of Crux 3.3 Gnu\Linux operating system. - This documentation try's to follow Crux HandBook installation - method diverges, for example, by only installing and - documenting gpt and grub2.

- -

Read Crux HandBook, - you can ask for help on freenode #crux. Check scripts - folder the install process is automated and ports - for extra ports used during the installation.

- -

1. Install Crux 3.3 Gnu/Linux

- - - -

2. System Administration

- - - - Documentation Index - -

- This is part of the c9-doc Manual. - Copyright (C) 2017 - c9 team. - See the file Gnu Free Documentation License - for copying conditions.

+ Documentation Index + +

c9 Core OS

+ +

c9 Core OS covers installation and configuration of + basic functionality of Crux 3.3 Gnu\Linux operating system. + This documentation try's to follow Crux HandBook installation + method diverges, for example, by only installing and + documenting gpt and grub2.

+ +

Read Crux HandBook, + you can ask for help on freenode #crux. Check scripts + folder the install process is automated and ports + for extra ports used during the installation.

+ +

1. Install Crux 3.3 Gnu/Linux

+ + + +

2. System Administration

+ + + + Documentation Index + +

+ This is part of the c9-doc Manual. + Copyright (C) 2017 + c9 team. + See the file Gnu Free Documentation License + for copying conditions.
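Review bot: core/index.html is removed and re-added in full here, yet as shown the old and new text read the same, so the existing wording problems are carried over unchanged. "Gnu\Linux" in the introduction disagrees with "Gnu/Linux" in heading 1, and "This documentation try's to follow Crux HandBook installation method diverges" needs to be split into two clauses ("tries to follow ... but diverges, for example, by ..."). If this is only a re-indent, it would be easier to review as its own commit, separate from the linux.html content change named in the subject.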

diff --git a/core/linux.html b/core/linux.html index 3be6d77..de41572 100644 --- a/core/linux.html +++ b/core/linux.html @@ -1,4 +1,4 @@ - + @@ -16,26 +16,17 @@ Linux Non-Libre pages for more links and information.

-

2.1.1. Port Linux Libre

- -

Default crux configuration can be obtained from iso, - kernel port depend on dracut, grub2 - and grub2-efi. You don't need them to build with pkgmk, to install - boot related tools use prt-get;

- +

Spectre-meltdown checker;

-        $ prt-get depinst linux-gnu
+        https://github.com/speed47/spectre-meltdown-checker/
         
-

2.1.2. Manual Install

+

2.1.1. Download Linux Libre

Download Linux Source from linux libre, or using the port system;

-

Linux-gnu port comes with default config that is a good starting - point to personalize according to your needs.

-
         $ mkdir ~/kernel
         $ cd ~/kernel
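Review bot: the new "Spectre-meltdown checker;" paragraph at the top of the section gives only a bare URL in a pre block, with no word on when the checker is meant to be run (before configuring, or against the newly built kernel) or what the reader should do with its output. Add a sentence tying it to the hardening options documented under 2.1.2, or move the link next to them. The removed "Linux-gnu port comes with default config" sentence reappears reworded under 2.1.2 and the prt-get step moves to reboot.html, so nothing is lost on that side.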
@@ -75,15 +66,34 @@
         $ patch -p1 < ../enable_additional_cpu_optimizations_for_gcc_v4.9%2B_kernel_v3.15%2B.patch
         
-

Configure kernel according to your current kernel - hardware support;

+

Cleaning targets:

+ +
+        clean           - Remove most generated files but keep the config and
+                    enough build support to build external modules
+        mrproper        - Remove all generated files + config + various backup files
+        distclean       - mrproper + remove editor backup and patch files
+        
+ +

Prepare sources for configuration;

+ +
+        $ make distclean
+        
+ +

2.1.2. Configure

+ +

Port linux-gnu port comes with default configuration file that is + a good starting point to tune kernel according to your needs. To + automatically configure kernel with support to your hardware + based on modules loaded by current kernel run.

         $ make localmodconfig
         
-

Get information about your hardware, for example information - about which graphic module (driver) is in use +

To get more information about the hardware, for example + information about which graphic module (driver) is in use as root run;
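Review bot: "Prepare sources for configuration;" runs "make distclean", and the target list added just above it says mrproper removes "all generated files + config" and distclean is mrproper plus more, so a .config already copied into the tree from the port or the iso is deleted at this step. The next paragraph then tells the reader to start from the port's default configuration file without saying how it gets back into the tree. State that the config is copied in after distclean, or that it must be backed up first. Wording in the same paragraph: "Port linux-gnu port comes" repeats "port", and the lead-in should end "run;" like the other command lead-ins rather than "run."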

@@ -91,101 +101,602 @@
         Kernel driver in use: i915
         
-

Before start compiling check configuration;

+

Make configuration targets;

+ +
+        config          - Update current config utilising a line-oriented program
+        nconfig         - Update current config utilising a ncurses menu based program
+        menuconfig      - Update current config utilising a menu based program
+        xconfig         - Update current config utilising a Qt based front-end
+        gconfig         - Update current config utilising a GTK+ based front-end
+        oldconfig       - Update current config utilising a provided .config as base
+        localmodconfig  - Update current config disabling modules not loaded
+        localyesconfig  - Update current config converting local mods to core
+        silentoldconfig - Same as oldconfig, but quietly, additionally update deps
+        defconfig       - New config with default from ARCH supplied defconfig
+        savedefconfig   - Save current config as ./defconfig (minimal config)
+        allnoconfig     - New config where all options are answered with no
+        allyesconfig    - New config where all options are accepted with yes
+        allmodconfig    - New config selecting modules when possible
+        alldefconfig    - New config with all symbols set to default
+        randconfig      - New config with random answer to all options
+        listnewconfig   - List new options
+        olddefconfig    - Same as silentoldconfig but sets new symbols to their default value
+        kvmconfig       - Enable additional options for kvm guest kernel support
+        xenconfig       - Enable additional options for xen dom0 and guest kernel support
+        tinyconfig      - Configure the tiniest possible kernel
+        
+ +

Following configuration try's to be generic about the hardware + support while addressing the requirements of applications such as + qemu, docker, etc. For more information about hardening options read + kernsec.org. Configure kernel + using ncurses;

         $ make nconfig
         
+
+            CONFIG_BUG_ON_DATA_CORRUPTION=y
+
+            # Perform extensive checks on reference counting.
+            CONFIG_REFCOUNT_FULL=y
+
+            # Check for memory copies that might overflow a structure in str*() and mem*() functions both at build-time and run-time.
+            CONFIG_FORTIFY_SOURCE=y
+
+        
+ +

2.1.2.1 General Setup

+
+
CONFIG_POSIX_MQUEUE=y
+
POSIX Message Queues
+ +
CONFIG_VMAP_STACK=y
+
Use a virtually-mapped stack
+
Adds guard pages to kernel stacks (not all architectures + support this yet).
+ +
CONFIG_CGROUPS=y
+
Control Group support
+ +
CONFIG_MEMCG=y
+
Memory controller
+ +
CONFIG_MEMCG_SWAP=y
+
Swap controller
+ +
CONFIG_MEMCG_SWAP_ENABLED=y
+
Swap controller enabled by default
+ +
CONFIG_BLK_CGROUP=y
+
IO controller
+ +
CGROUP_SCHED=y
+
CPU controller
+ +
FAIR_GROUP_SCHED=y
+
Group scheduling for SCHED_OTHER
+ +
CONFIG_CFS_BANDWIDTH=y
+
CPU bandwidth provisioning for FAIR_GROUP_SCHED
+ +
CONFIG_RT_GROUP_SCHED=y
+
Group scheduling for SCHED_RR/FIFO
+ +
CONFIG_CGROUP_PIDS=y
+
PIDs controller
+ +
Freezer controller
+
HugeTLB controller
+
Cpuset controller
+
Include legacy /proc//cpuset file
+
Device controller
+
Simple CPU accounting controller
+
Perf controller
+
+ +

Namespaces support

+
+
UTS namespace
+
IPC namespace
+
User namespace
+
PID Namespaces
+
Network namespace
+
+ +
+ +
CONFIG_COMPAT_BRK=n
+
Disable heap randomization
+
Dangerous; enabling this disables brk ASLR.
+ +
CONFIG_SLAB_FREELIST_RANDOM=y
+
Randomize allocator freelists, harden metadata.
+ +
CONFIG_SLAB_FREELIST_HARDENED=y
+
Randomize allocator freelists, harden metadata.
+ +
CONFIG_SLUB_DEBUG=y
+
Enable SLUB debugging support
+
Allow allocator validation checking to be enabled + (see "slub_debug=P" below).
+ +
CONFIG_CC_STACKPROTECTOR=y
+
Use -fstack-protector-strong (gcc 4.9+) for best stack canary coverage.
+ +
CONFIG_CC_STACKPROTECTOR_STRONG=y
+
Use -fstack-protector-strong (gcc 4.9+) for best stack canary coverage.
+
+ + +

2.1.2.2 Enable loadable module support

+
+ +
CONFIG_MODULES=y
+
Enable loadable module support +
Keep root from altering kernel memory via loadable modules. + set CONFIG_MODULES=n
+
But if CONFIG_MODULE=y is needed, at least they must be + signed with a per-build key.
+ +
CONFIG_DEBUG_SET_MODULE_RONX=y
+
(prior to v4.11)
+ +
CONFIG_STRICT_MODULE_RWX=y
+
(since v4.11)
+ +
CONFIG_MODULE_SIG=y
+
Module signature verification
+ +
CONFIG_MODULE_SIG_FORCE=y
+
Require modules to be validly signed
+ +
CONFIG_MODULE_SIG_ALL=y
+
Automatically sign all modules
+ +
CONFIG_MODULE_SIG_SHA512=y
+
Sign modules with SHA-512
+
+ +

2.1.2.3 Enable the block layer

+
+
BLK_DEV_THROTTLING=y
+
Block layer bio throttling support
+ +
IOSCHED_CFQ=y
+
CFQ IO scheduler
+ +
CONFIG_CFQ_GROUP_IOSCHED=y
+
CFQ Group Scheduling support
+
+ +

2.1.2.4 Processor type and features

+ +
+
CONFIG_DEFAULT_MMAP_MIN_ADDR=65536
+
Low address space to protect from user allocation
+
Disallow allocating the first 64k of memory.
+ +
X86_VSYSCALL_EMULATION=n
+
Enable vsyscall emulation
+
Required by programs before 2013, some programs my + require.
+
Remove additional attack surface, unless you really + need them.
+ +
CONFIG_SECCOMP=y
+
Enable seccomp to safely compute untrusted bytecode
+
Provide userspace with seccomp BPF API for syscall attack surface reduction.
+ +
CONFIG_SECCOMP_FILTER=y
+
Provide userspace with seccomp BPF API for syscall attack surface reduction.
+ +
CONFIG_KEXEC=n
+
kexec system call
+
Dangerous; enabling this allows replacement + of running kernel.
+ +
CONFIG_RANDOMIZE_BASE=y
+
Randomize the address of the kernel image (KASLR)
+ +
CONFIG_RANDOMIZE_MEMORY=y
+
Randomize the kernel memory sections
+ +
CONFIG_LEGACY_VSYSCALL_NONE=y
+
vsyscall table for legacy applications (None)
+
Modern libc no longer needs a fixed-position mapping in userspace, remove it as a possible target.
+ +
CONFIG_COMPAT_VDSO=n
+
Disable the 32-bit vDSO (needed for glibc 2.3.3)
+
Dangerous; enabling this disables VDSO ASLR.
+ +
CONFIG_MODIFY_LDT_SYSCALL=n
+
Enable the LDT (local descriptor table)
+
Remove additional attack surface, unless you really need them.
+
+ +

2.1.2.5 Power management and ACPI options

+ +
+
CONFIG_HIBERNATION=n
+
Hibernation (aka 'suspend to disk')
+
Dangerous; enabling this allows replacement of running + kernel.
+ +
CONFIG_ACPI_CUSTOM_METHOD=n
+
Allow ACPI methods to be inserted/replaced at run time
+
Dangerous; enabling this allows direct physical + memory writing.
+
+ + +

2.1.2.6 Bus options (PCI etc.)

+

2.1.2.7 Executable file formats / Emulations

+
+ +
CONFIG_BINFMT_MISC=n
+
Kernel support for MISC binaries
+
Easily confused by misconfigured userspace, keep off.
+ +
CONFIG_IA32_EMULATION
+
Remove additional attack surface, unless you really need them.
+
CONFIG_X86_X32
+
Remove additional attack surface, unless you really need them.
+
+ +

2.1.2.8 Networking support

+

Networking options

+
+
CONFIG_INET_DIAG=m
+
INET: socket monitoring interface
+
Support for INET (TCP, DCCP, etc) socket monitoring + interface used by native Linux tools such as ss. ss is + included in iproute2
+
Prior to v4.1, assists heap memory attacks; + best to keep interface disabled.
+ +
CONFIG_BRIDGE=y
+
802.1d Ethernet Bridging
+ +
CONFIG_NET_SCHED=y
+
QoS and/or fair queueing
+ +
CONFIG_NET_CLS_CGROUP=y
+
Control Group Classifier
+ +
CONFIG_VSOCKETS=y
+
Virtual Socket protocol
+ +
CONFIG_VIRTIO_VSOCKETS=y
+
virtio transport for Virtual Sockets
+ +
CONFIG_NET_L3_MASTER_DEV=y
+
L3 Master device support
+ +
CONFIG_CGROUP_NET_PRIO=y
+
Network priority cgroup
+ +
CGROUP_NET_CLASSID=y
+
Network classid cgroup
+ +
+ +
+
CONFIG_NETFILTER=y
+
Network packet filtering framework (Netfilter)
+ +
CONFIG_NETFILTER_ADVANCED=y
+
Advanced netfilter configuration
+ +
BRIDGE_NETFILTER=y
+
Bridged IP/ARP packets filtering
+ +
NF_CONNTRACK=y
+
Netfilter connection tracking support
+ +
NETFILTER_XT_MATCH_ADDRTYPE=y
+
"addrtype" address type match support
+ +
NETFILTER_XT_MATCH_CONNTRACK=y
+
"conntrack" connection tracking match support
+ +
CONFIG_NETFILTER_XT_MATCH_IPVS=y
+
"ipvs" match support
+ +
CONFIG_IP_VS=y
+
IP virtual server support
+ +
IP_VS_PROTO_TCP=y
+
TCP load balancing support
+ +
IP_VS_PROTO_UDP=y
+
UDP load balancing support
+ +
IP_VS_RR=y
+
round-robin scheduling
+ +
IP_VS_NFCT=y
+
Netfilter connection tracking
+ +
CONFIG_NF_CONNTRACK_IPV4=y
+
IPv4 connection tracking support (required for NAT)
+ +
NF_NAT_IPV4=y
+
IPv4 NAT
+ +
NF_NAT_MASQUERADE_IPV4=y
+
IPv4 masquerade support
+ +
IP_NF_IPTABLES=y
+
IP tables support (required for filtering/masq/NAT)
+ +
IP_NF_FILTER=y
+
Packet filtering
+ +
CONFIG_IP_NF_NAT=y
+
iptables NAT support
+ +
IP_NF_TARGET_MASQUERADE=y
+
MASQUERADE target support
+ +
IP_NF_TARGET_NETMAP=y
+
NETMAP target support
+ +
IP_NF_TARGET_REDIRECT=y
+
REDIRECT target support
+ +
CONFIG_SYN_COOKIES=y
+
IP: TCP syncookie support
+
Provides some protections against SYN flooding.
+ +
+ +

2.1.2.9 Device Drivers

+ +

Multiple devices driver support (RAID and LVM)

+ +
+
CONFIG_MD=y
+
Multiple devices driver support (RAID and LVM)
+
CONFIG_BLK_DEV_DM=y
+
Device mapper support
+
DM_THIN_PROVISIONING=y
+
Thin provisioning target
+
+ +

Network device support

+ +
+
CONFIG_NETDEVICES=y
+
Network device support
+ +
NET_CORE=y
+
Network core driver support
+ +
CONFIG_DUMMY=y
+
Dummy net driver support
+ +
CONFIG_MACVLAN=y
+
MAC-VLAN support
+
This allows one to create virtual interfaces that map + packets to or from specific MAC addresses to a particular + interface. Macvlan devices can be added using the "ip" command + from the route2 package starting with the iproute2.
+
ip link add link [ address MAC ] [ NAME ] type macvlan"
+ +
CONFIG_VXLAN=y
+
Virtual eXtensible Local Area Network (VXLAN)
+ +
CONFIG_TUN=y
+
Universal TUN/TAP device driver support
+ +
CONFIG_VETH=y
+
Virtual ethernet pair device
+ + +
IPVLAN=n
+
IP-VLAN support
+
Requires ipv6
+
+ +

Character devices

+
+
CONFIG_DEVMEM=n
+
/dev/mem virtual device support
+
Do not allow direct physical memory access (but if you must have it, at least enable CONFIG_STRICT_DEVMEM mode...)
+ +
Enable TTY
+
Unix98 PTY support
+ +
CONFIG_LEGACY_PTYS=n
+
Legacy (BSD) PTY support
+
Use the modern PTY interface (devpts) only.
+ +
Support multiple instances of devpts
+ +
CONFIG_DEVKMEM=n
+
/dev/kmem virtual device support
+
Dangerous; enabling this allows direct kernel + memory writing.
+
+ +

2.1.2.10 Firmware Drivers

+

2.1.2.11 File systems

+
+
Overlay filesystem support
+ +
CONFIG_PROC_KCORE=n
+
/proc/kcore support
+
Dangerous; exposes kernel text image layout.
+ +
HugeTLB file system support
+ +
+ +

2.1.2.12 Kernel hacking

+ +
+
CONFIG_DEBUG=y
+
CONFIG_DEBUG_RODATA=y
+ +
CONFIG_DEBUG_KERNEL=y
+
Kernel debugging
+
Make sure kernel page tables have safe permissions.
+ +
CONFIG_STRICT_KERNEL_RWX=y
+
since v4.11
+
Make sure kernel page tables have safe permissions.
+ +
CONFIG_PANIC_ON_OOPS=y
+
Panic on Oops
+
This feature is useful to ensure that the kernel does not do + anything erroneous after an oops which could result in data + corruption or other issues.
+ +
CONFIG_PANIC_TIMEOUT=-1
+
Reboot devices immediately if kernel experiences an Oops.
+ +
CONFIG_SCHED_STACK_END_CHECK=y
+
Detect stack corruption on calls to schedule()
+
Perform additional validation of various commonly targeted structures.
+ +
CONFIG_DEBUG_LIST=y
+
Debug linked list manipulation
+
Perform additional validation of various commonly targeted structures.
+ +
CONFIG_DEBUG_SG=y
+
Debug SG table operations
+
Perform additional validation of various commonly targeted structures.
+ +
CONFIG_DEBUG_NOTIFIERS=y
+
Debug notifier call chains
+
Perform additional validation of various commonly + targeted structures.
+ +
CONFIG_DEBUG_CREDENTIALS=y
+
Debug credential management
+
Perform additional validation of various commonly + targeted structures.
+ +
CONFIG_STRICT_DEVMEM=y
+
Filter access to /dev/mem
+
Do not allow direct physical memory access (but if you must have it, at least enable STRICT mode...)
+ +
CONFIG_IO_STRICT_DEVMEM=y
+
Filter I/O access to /dev/mem
+
Do not allow direct physical memory access (but if you must have it, at least enable STRICT mode...)
+ +
CONFIG_DEBUG_WX=y
+
Warn on W+X mappings at boot
+
Report any dangerous memory permissions + (not available on all archs).
+ + +
+ +

Compile-time checks and compiler options

+
+
CONFIG_DEBUG_FS=y
+
Debug Filesystem
+ +
+ +

Memory Debugging

+
+
CONFIG_PAGE_POISONING=y
+
Poison pages after freeing
+
Wipe higher-level memory allocations when they are freed + (needs "page_poison=1" command line below).
+ +
CONFIG_PAGE_POISONING_NO_SANITY=y
+
Only poison, don't sanity check
+
(If you can afford even more performance penalty, + leave CONFIG_PAGE_POISONING_NO_SANITY=n)
+ +
CONFIG_PAGE_POISONING_ZERO=y
+
Use zero for poisoning instead of random data
+ +
+ +

2.1.2.13 Security options

+ +
+
Enable access key retention support
+
Enable register of persistent per-UID keyrings
+
ENCRYPTED KEYS
+
Diffie-Hellman operations on retained keys
+ +
CONFIG_SECURITY=y
+
Enable different security models
+
Provide userspace with ptrace ancestry protections.
+ +
CONFIG_HARDENED_USERCOPY=y
+
Harden memory copies between kernel and userspace
+
Perform usercopy bounds checking.
+ +
SECURITY_SELINUX=n
+
NSA SELinux Support
+
CONFIG_SECURITY_SELINUX_DISABLE=n
+
NSA SELinux runtime disable
+
If SELinux can be disabled at runtime, the LSM structures cannot be read-only; keep off.
+ +
CONFIG_SECURITY_APPARMOR=y
+
AppArmor support
+
This enables the AppArmor security module. Rquired userspace + tools (if they are not included in your distribution) and further + information may be found at AppArmor
+
CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1
+
AppArmor boot parameter default value
+ +
CONFIG_SECURITY_YAMA=y
+
Yama support
+
Provide userspace with ptrace ancestry protections.
+
+ +

2.1.2.14 Cryptographic API

+

2.1.2.15 Virtualization

+ +
+
CONFIG_KVM=y
+
Kernel-based Virtual Machine (KVM) support
+ +
CONFIG_KVM_INTEL=y
+
KVM for Intel processors support
+
Provides support for KVM on Intel processors equipped with the VT extensions.
+ +
CONFIG_KVM_AMD=y
+
KVM for AMD processors support
+
Provides support for KVM on AMD processors equipped with the + AMD-V (SVM) extensions.
+ +
CONFIG_KVM_DEVICE_ASSIGNMENT=n
+
KVM legacy PCI device assignment support (DEPRECATED)
+ +
CONFIG_VHOST_NET=y
+
Host kernel accelerator for virtio net
+ +
CONFIG_VHOST_VSOCK=y
+
vhost virtio-vsock driver
+ +
CONFIG_VHOST_CROSS_ENDIAN_LEGACY=y
+
Cross-endian support for vhost
+
+ +

2.1.2.16 Library routines

+ +

2.1.3. Build

+

Make targets;

-        $ make help
-        Cleaning targets:
-          clean           - Remove most generated files but keep the config and
-                            enough build support to build external modules
-          mrproper        - Remove all generated files + config + various backup files
-          distclean       - mrproper + remove editor backup and patch files
-
-        Configuration targets:
-          config          - Update current config utilising a line-oriented program
-          nconfig         - Update current config utilising a ncurses menu based
-                            program
-          menuconfig      - Update current config utilising a menu based program
-          xconfig         - Update current config utilising a Qt based front-end
-          gconfig         - Update current config utilising a GTK+ based front-end
-          oldconfig       - Update current config utilising a provided .config as base
-          localmodconfig  - Update current config disabling modules not loaded
-          localyesconfig  - Update current config converting local mods to core
-          silentoldconfig - Same as oldconfig, but quietly, additionally update deps
-          defconfig       - New config with default from ARCH supplied defconfig
-          savedefconfig   - Save current config as ./defconfig (minimal config)
-          allnoconfig     - New config where all options are answered with no
-          allyesconfig    - New config where all options are accepted with yes
-          allmodconfig    - New config selecting modules when possible
-          alldefconfig    - New config with all symbols set to default
-          randconfig      - New config with random answer to all options
-          listnewconfig   - List new options
-          olddefconfig    - Same as silentoldconfig but sets new symbols to their
-                            default value
-          kvmconfig       - Enable additional options for kvm guest kernel support
-          xenconfig       - Enable additional options for xen dom0 and guest kernel support
-          tinyconfig      - Configure the tiniest possible kernel
-
         Other generic targets:
           all             - Build all targets marked with [*]
         * vmlinux         - Build the bare kernel
         * modules         - Build all modules
-          modules_install - Install all modules to INSTALL_MOD_PATH (default: /)
-          firmware_install- Install all firmware to INSTALL_FW_PATH
-                            (default: $(INSTALL_MOD_PATH)/lib/firmware)
-          dir/            - Build all files in dir and below
-          dir/file.[ois]  - Build specified target only
-          dir/file.lst    - Build specified mixed source/assembly target only
-                            (requires a recent binutils and recent build (System.map))
-          dir/file.ko     - Build module including final link
-          modules_prepare - Set up for building external modules
-          tags/TAGS       - Generate tags file for editors
-          cscope          - Generate cscope index
-          gtags           - Generate GNU GLOBAL index
-          kernelrelease   - Output the release version string (use with make -s)
-          kernelversion   - Output the version stored in Makefile (use with make -s)
-          image_name      - Output the image name (use with make -s)
-          headers_install - Install sanitised kernel headers to INSTALL_HDR_PATH
                             (default: ./usr)
 
-        Static analysers
-          checkstack      - Generate a list of stack hogs
-          namespacecheck  - Name space analysis on compiled kernel
-          versioncheck    - Sanity check on version.h usage
-          includecheck    - Check for duplicate included header files
-          export_report   - List the usages of all exported symbols
-          headers_check   - Sanity check on exported headers
-          headerdep       - Detect inclusion cycles in headers
-          coccicheck      - Check with Coccinelle.
-
-        Kernel selftest
-          kselftest       - Build and run kernel selftest (run as root)
-                            Build, install, and boot kernel before
-                            running kselftest on it
-          kselftest-clean - Remove all generated kselftest files
-          kselftest-merge - Merge all the config dependencies of kselftest to existed
-                            .config.
-
-        Kernel packaging:
-          rpm-pkg             - Build both source and binary RPM kernel packages
-          binrpm-pkg          - Build only the binary kernel RPM package
-          deb-pkg             - Build both source and binary deb kernel packages
-          bindeb-pkg          - Build only the binary kernel deb package
-          tar-pkg             - Build the kernel as an uncompressed tarball
-          targz-pkg           - Build the kernel as a gzip compressed tarball
-          tarbz2-pkg          - Build the kernel as a bzip2 compressed tarball
-          tarxz-pkg           - Build the kernel as a xz compressed tarball
-          perf-tar-src-pkg    - Build perf-4.9.9-gnu.tar source tarball
-          perf-targz-src-pkg  - Build perf-4.9.9-gnu.tar.gz source tarball
-          perf-tarbz2-src-pkg - Build perf-4.9.9-gnu.tar.bz2 source tarball
-          perf-tarxz-src-pkg  - Build perf-4.9.9-gnu.tar.xz source tarball
-
         Documentation targets:
          Linux kernel internal documentation in different formats (Sphinx):
           htmldocs        - HTML
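Review bot: the CONFIG_MODULES entry in 2.1.2.2 contradicts itself: it is headed "CONFIG_MODULES=y" while its description says "set CONFIG_MODULES=n", and the follow-up line names "CONFIG_MODULE=y" (missing S). Pick the value this guide recommends and move the alternative into the note. In the same section CONFIG_DEBUG_SET_MODULE_RONX is marked "(prior to v4.11)" and CONFIG_STRICT_MODULE_RWX "(since v4.11)", likewise CONFIG_STRICT_KERNEL_RWX in 2.1.2.12, while the install commands further down use 4.9.86-gnu. Say which of each pair applies to the documented kernel. The "Prior to v4.1" remark under CONFIG_INET_DIAG=m needs the same treatment, since it sits next to "best to keep interface disabled" on an option that is set to m. Several descriptions are duplicated or attached to the wrong symbol: "Make sure kernel page tables have safe permissions." is under CONFIG_DEBUG_KERNEL rather than CONFIG_DEBUG_RODATA, "Provide userspace with ptrace ancestry protections." is under both CONFIG_SECURITY and CONFIG_SECURITY_YAMA, and the two CC_STACKPROTECTOR entries and the two SLAB_FREELIST entries each share one text. Symbol naming is inconsistent, which defeats grepping a .config: CGROUP_SCHED, FAIR_GROUP_SCHED, BLK_DEV_THROTTLING, IOSCHED_CFQ, X86_VSYSCALL_EMULATION, NF_CONNTRACK, SECURITY_SELINUX and others lack the CONFIG_ prefix, CONFIG_IA32_EMULATION and CONFIG_X86_X32 carry no value, and entries such as "Freezer controller" and "User namespace" have no symbol at all. CONFIG_DEBUG_FS=y is listed without a rationale. Under "Make targets;" the "$ make help" line is removed but its output is kept, and dropping the headers_install line leaves "(default: ./usr)" orphaned. Typos: "try's", "my require", "Rquired", and the stray closing quote after "type macvlan".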
@@ -210,12 +721,6 @@
           installmandocs  - install man pages generated by mandocs
           cleandocs       - clean all generated DocBook files
 
-          make DOCBOOKS="s1.xml s2.xml" [target] Generate only docs s1.xml s2.xml
-          valid values for DOCBOOKS are: z8530book.xml kernel-hacking.xml kernel-locking.xml deviceiobook.xml writing_usb_driver.xml networking.xml kernel-api.xml filesystems.xml lsm.xml usb.xml kgdb.xml gadget.xml libata.xml mtdnand.xml librs.xml rapidio.xml genericirq.xml s390-drivers.xml uio-howto.xml scsi.xml debugobjects.xml sh.xml regulator.xml alsa-driver-api.xml writing-an-alsa-driver.xml tracepoint.xml w1.xml writing_musb_glue_layer.xml crypto-API.xml iio.xml
-
-          make DOCBOOKS="" [target] Don't generate docs from Docbook
-             This is useful to generate only the ReST docs (Sphinx)
-
         Architecture specific targets (x86):
         * bzImage      - Compressed kernel image (arch/x86/boot/bzImage)
           install      - Install kernel using
@@ -244,15 +749,23 @@
                         2: warnings which occur quite often but may still be relevant
                         3: more obscure warnings, can most likely be ignored
                         Multiple levels can be combined with W=12 or W=123
-
-        Execute "make" or "make all" to build all targets marked with [*]
-        For further info see the ./README file
-        $
         
         $ make -j $(nproc) bzImage modules
+        
+ +

2.1.5. Install

+
+          modules_install - Install all modules to INSTALL_MOD_PATH (default: /)
+          firmware_install- Install all firmware to INSTALL_FW_PATH
+                            (default: $(INSTALL_MOD_PATH)/lib/firmware)
+          modules_prepare - Set up for building external modules
+          headers_install - Install sanitised kernel headers to INSTALL_HDR_PATH
+        
+ +
         $ sudo make modules_install
         $ sudo cp arch/x86/boot/bzImage /boot/vmlinuz-4.9.86-gnu
         $ sudo cp System.map /boot/System.map-4.9.86-gnu
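Review bot: the new heading "2.1.5. Install" follows "2.1.3. Build" with no 2.1.4, and the next hunk renumbers Remove to 2.1.6, so the section numbers skip one. Renumber to 2.1.4 and 2.1.5, or add the missing section. The pre block added under the heading is an excerpt of make target descriptions with no lead-in sentence, unlike "Cleaning targets:" and "Make configuration targets;" earlier. Its headers_install line is also missing the "(default: ./usr)" continuation the old block had. Only modules_install is used in the commands that follow, so either explain the other three targets or drop them.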
@@ -264,7 +777,7 @@
         # grub-mkconfig -o /boot/grub/grub.cfg
         
-

2.1.3. Manual Remove

+

2.1.6. Remove

         $ sudo rm -r /lib/modules/4.9.86-gnu
diff --git a/core/reboot.html b/core/reboot.html
index c7e8d9c..ea174a2 100644
--- a/core/reboot.html
+++ b/core/reboot.html
@@ -33,12 +33,20 @@
 
         

1.4.1. Kernel

-

There is possible to install kernel using a port, - c9-ports have linux-gnu - port of linux libre,a true source based kernel that +

Install linux-gnu port, + linux libre kernel is a true source based kernel that respects your freedoms. Read linux kernel for more information.

+

Default crux configuration can be obtained from iso, + kernel port depend on dracut, grub2 + and grub2-efi. You don't need them to build with pkgmk, to install + boot related tools use prt-get;

+ +
+	$ prt-get depinst linux-gnu
+	
+

If you don't have the port binary package build it;
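Review bot: the added "$ prt-get depinst linux-gnu" is shown with an unprivileged prompt, while linux.html marks privileged steps with "sudo" or a "#" prompt. If this command is meant to run as root, show it the same way here. The paragraph moved over from linux.html is still a run-on ("You don't need them to build with pkgmk, to install boot related tools use prt-get;") and should be split after "pkgmk". The new opening sentence "Install linux-gnu port, linux libre kernel is a true source based kernel" is a comma splice and should be two sentences.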

-- 
cgit 1.4.1-2-gfad0