Kernel

Net

Learn about the sysctl command and the values related to the network class.

Summary

This class defines the parameters related to the networking stack.

Sysctl: net.ipv4.ip_forward

The sysctl key net.ipv4.ip_forward controls forwarding of IPv4 network packets. Learn about the possible values of this key and their meaning.

Summary

This sysctl key defines if a system should allow forwarding of IPv4 network packets. This functionality is required for systems that act as a gateway or router. IP forwarding is normally not required for most desktops and servers.

Sysctl: kernel.perf_event_paranoid

Understand and configure the sysctl kernel.perf_event_paranoid key, including the possible values and their meaning.

Summary

This sysctl key controls the use of the performance events system. It restricts what actions an unprivileged user can do when using the perf tools. This setting is useful to limit the access to possibly sensitive information that can be gathered from the kernel and processes. Debian-based systems may have higher numbers available than the current upper limit of 2, which is also the default value.

What is a tainted kernel

Learn what it means when the Linux kernel is marked as tainted, including finding the cause.

Summary

Learn what it means when the kernel is tainted

How to find the specific cause of a tainted kernel

Learn what it means when the Linux kernel is marked as tainted and in particular the underlying cause.

Summary

Learn about the specific cause that tainted the kernel

Sysctl

Learn about the sysctl command and how it can help with kernel tunables to alter the system configuration and perform additional security hardening.

Summary

Introduction

The sysctl tool allows configuring kernel parameters or tunables. By changing related sysctl keys and their individual values, the system behavior can be changed. Several keys are related to security and can help with kernel hardening, or system hardening in general.

Files and locations

The configuration of sysctl is typically spread over multiple files and paths. Systems with systemd will have additional paths. Files are read in order and the first match of a kernel setting is used.

Kernel

Learn about the sysctl command and the values related to the kernel class.

Summary

This class defines global kernel parameters.

Kernel.tainted

Understand and configure the sysctl kernel.tainted key, including the possible values and their meaning.

Summary

This is a setting that you would normally not change. It is a state that shows if the kernel was tainted. If the value is higher than zero, then it is tainted. Relevant FAQ: What is a tainted kernel?

Livepatch: Linux kernel updates without rebooting

Livepatch is a feature to do live kernel patching for Linux systems. It allows applying security updates without rebooting the system. Learn how it works!

Summary

If you run a Linux server, software patching is a task that will have to be performed on a regular basis. Although most programs can be auto-restarted with a tool like needrestart, there is one exception: the kernel. Wouldn’t it be nice if we could update the kernel without the mandatory reboot? Here is livepatch, the feature of the Linux kernel that makes it possible. Let’s discover how it works and if you can use it on your system.

Linux and ASLR: kernel/randomize_va_space

ASLR protects the Linux kernel and programs against different attacks. It can be tuned with the randomize_va_space setting to provide different protections.

Summary

Configuring ASLR with randomize_va_space

The Linux kernel has a defense mechanism named address space layout randomization (ASLR). This setting is tunable with the randomize_va_space setting. Before making changes to this setting, it is good to understand what this Linux security measure actually does and how it works.

Understanding ASLR

In 2001 the term ASLR was first introduced as a patch to the Linux kernel. Its main goal was to randomize memory segments to make abuse by malicious programs harder.

Linux hardening with sysctl settings

The Linux kernel can be secured as well. Learn how system hardening principles can be applied using sysctl settings.

Summary

The GNU/Linux kernel powers a lot of systems, from big mainframes to the Android device in your pocket. If you want to achieve more security on your Linux systems, it would make sense to start hardening there, right? While securing the kernel looks easy at first sight, there is more to it than initially meets the eye. We will have a look at some kernel options and how to select the best sysctl values for Linux systems.

Monitor file access by Linux processes

Linux is powerful with the help of small utilities like lsof and strace. They help with monitoring disk and file activity of new and running processes.

Summary

Processes are the running workforce on a Linux system. Each process has a particular goal, like forking child processes, handling incoming user requests, or monitoring other processes. As a system administrator or IT auditor, you might want to know at some point what disk activity occurs in a process. In this article, we have a look at a few options to quickly reveal what is occurring in a process, including disk and file activity.

Linux kernel security and how to improve it

Every system is as strong as its weakest link, especially the system kernel. This article explains Linux kernel security, what we can do and how to do so.

Summary

Every system is as strong as its weakest link. In the case of an operating system like Linux, one weakness in the kernel could result in a security breach. This article covers the Linux kernel features and how they work.

Kernel features

Live kernel patching

As the kernel is similar to other software, it receives updates to improve it. Now and then a security weakness is discovered in one of the subsystems of the Linux kernel.