Sysctl

Linux and ASLR: kernel/randomize_va_space

ASLR protects the Linux kernel and programs against different attacks. It can be tuned with the randomize_va_space setting to provide different protections.

Summary of Linux and ASLR: kernel/randomize_va_space

Configuring ASLR with randomize_va_space The Linux kernel has a defense mechanism named address space layout randomization (ASLR). This setting is tunable with the randomize_va_space setting. Before making changes to this setting, it is good to understand what this Linux security measure actually does and how it works. Understanding ASLR In 2001 the term ASLR was first introduced as a patch to the Linux kernel. Its main goal was to randomize memory segments to make abuse by malicious programs harder.

Read the full article…

Linux hardening with sysctl settings

The Linux kernel can be secured as well. Learn how system hardening principles can be applied using sysctl settings.

Summary of Linux hardening with sysctl settings

The GNU/Linux kernel powers a lot of systems, from big mainframes to the Android device in your pocket. If you want to achieve more security on your Linux systems, it would make sense to start hardening there, right? While securing the kernel looks easy at first sight, there is more to it than initially meets the eye. We will have a look at some kernel options and how to select the best sysctl values for Linux systems.

Read the full article…

Linux kernel security and how to improve it

Every system is as strong as its weakest link, especially the system kernel. This article explains Linux kernel security, what we can do and how to do so.

Summary of Linux kernel security and how to improve it

Every system is as strong as its weakest link. In the case of an operating system like Linux, one weakness in the kernel could result in a security breach. This article covers the Linux kernel features and how they work. Kernel features Live kernel patching As the kernel is similar to other software, it receives updates to improve it. Now and then a security weakness is discovered in one of the subsystems of the Linux kernel.

Read the full article…

Protect against ptrace of processes: kernel.yama.ptrace_scope

Using the Linux Security Module (LSM) Yama we can protect the system against the usage of ptrace. The sysctl key kernel.yama.ptrace_scope sets the behavior.

Summary of Protect against ptrace of processes: kernel.yama.ptrace_scope

Hardening the kernel with kernel.yama.ptrace_scope Ptrace is a great troubleshooting tool for developers to determine how a process functions. It can be used to find programming flaws, like memory leakage. On the other hand, the tool also be used by people with malicious intent. For example to debug a process as a non-privileged user and find the contents of application memory. Yama Linux has the ability to include Linux Security Modules, to provide additional features with the means of a module.

Read the full article…

Understand and configure core dumps on Linux

When a Linux program or process gets into trouble, it typically crashes and leaves a core dump. Learn what Linux core dumps are and how to configure them.

Summary of Understand and configure core dumps on Linux

Every system needs running processes to fulfill its primary goal. But sometimes things go wrong and a process may crash. Depending on the configuration of the system a core dump is created. In other words, a memory snapshot of the crashed process is stored. The term core actually refers to the old magnetic core memory from older systems. Although this type of memory is no longer being used, we still use this term on Linux systems.

Read the full article…