Kernel

How to check if your Arch Linux system needs a reboot

Want to check if a reboot of the system is needed on Arch Linux? Here is how that can be done including the relevant commands.

Summary of How to check if your Arch Linux system needs a reboot

By default Arch will install the kernel in /boot with the name vmlinuz-linux. To determine if the system is running the latest kernel, we can compare the running kernel and the one on disk. Running kernel One way to determine the running kernel is with the uname command. By default installed and with the -r parameter it will provide the kernel release version. # uname -r 3.17.4-1-ARCH Kernel on disk Checking the latest kernel on disk is almost as easy.

Read the full article…

Increase kernel integrity with disabled Linux kernel modules loading

The Linux kernel can be configured to disallow loading new kernel modules. The sysctl key kernel.modules_disabled is very straightforward for this purpose. In this article, we will have a look at the setting and how to use it.

Summary of Increase kernel integrity with disabled Linux kernel modules loading

Disable loading kernel module on Linux systems The Linux kernel can be configured to disallow loading new kernel modules. This feature is especially useful for high secure systems, or if you care about securing your system to the fullest. In this article, we will have a look at the configuration of this option. At the same time allowing legitimate kernel modules to be loaded. Disable kernel modules Newer kernel modules have a sysctl variable named kernel.

Read the full article…

Kernel hardening: Disable and blacklist Linux modules

The Linux kernel provides modular support to allow loading kernel modules during runtime. To prevent security issues, learn how to disable or blacklisting.

Summary of Kernel hardening: Disable and blacklist Linux modules

The Linux kernel is modular, which makes it more flexible than monolithic kernels. New functionality can be easily added to a run kernel, by loading the related module. While that is great, it can also be misused. You can think of loading malicious modules (e.g. rootkits), or unauthorized access to the server and copy data via a USB port. In our previous article about kernel modules, we looked at how to prevent loading any module.

Read the full article…

Linux hardening with sysctl settings

The Linux kernel can be secured as well. Learn how system hardening principles can be applied using sysctl settings.

Summary of Linux hardening with sysctl settings

The GNU/Linux kernel powers a lot of systems, from big mainframes to the Android device in your pocket. If you want to achieve more security on your Linux systems, it would make sense to start hardening there, right? While securing the kernel looks easy at first sight, there is more to it than initially meets the eye. We will have a look at some kernel options and how to select the best sysctl values for Linux systems.

Read the full article…

Linux kernel security and how to improve it

Every system is as strong as its weakest link, especially the system kernel. This article explains Linux kernel security, what we can do and how to do so.

Summary of Linux kernel security and how to improve it

Every system is as strong as its weakest link. In the case of an operating system like Linux, one weakness in the kernel could result in a security breach. This article covers the Linux kernel features and how they work. Kernel features Live kernel patching As the kernel is similar to other software, it receives updates to improve it. Now and then a security weakness is discovered in one of the subsystems of the Linux kernel.

Read the full article…

Protect against ptrace of processes: kernel.yama.ptrace_scope

Using the Linux Security Module (LSM) Yama we can protect the system against the usage of ptrace. The sysctl key kernel.yama.ptrace_scope sets the behavior.

Summary of Protect against ptrace of processes: kernel.yama.ptrace_scope

Hardening the kernel with kernel.yama.ptrace_scope Ptrace is a great troubleshooting tool for developers to determine how a process functions. It can be used to find programming flaws, like memory leakage. On the other hand, the tool also be used by people with malicious intent. For example to debug a process as a non-privileged user and find the contents of application memory. Yama Linux has the ability to include Linux Security Modules, to provide additional features with the means of a module.

Read the full article…