Release of the LKRG 0.7 module to protect against exploitation of vulnerabilities in the Linux kernel

The Openwall project has published LKRG 0.7 (Linux Kernel Runtime Guard), a kernel module that detects unauthorized changes to the running kernel (integrity checking) as well as attempts to change the permissions of user processes (exploit detection). The module is suitable both for protecting against already known Linux kernel exploits (for example, when updating the kernel on a system is problematic) and for countering exploits for as yet unknown vulnerabilities. You can read about the features of LKRG in the first announcement of the project.

Among the changes in the new version:

  • The code has been refactored to support various CPU architectures. Initial support for the ARM64 architecture has been added;
  • Compatibility is provided with the Linux 5.1 and 5.2 kernels, with kernels built without the CONFIG_DYNAMIC_DEBUG, CONFIG_ACPI and CONFIG_STACKTRACE options, and with kernels built with the CONFIG_STATIC_USERMODEHELPER option. Experimental support for kernels from the grsecurity project has been added;
  • The initialization logic has been significantly changed;
  • Self-hashing has been re-enabled in the integrity check subsystem, and a race condition in the jump label engine (*_JUMP_LABEL) has been fixed; it led to a deadlock when initialization coincided with the loading or unloading of other modules;
  • In the exploit detection code, new sysctls lkrg.smep_panic (enabled by default) and lkrg.umh_lock (disabled by default) have been added, additional checks of the SMEP/WP bit have been added, the logic for tracking new tasks in the system has been changed, the internal logic for synchronization with task resources has been redesigned, support for OverlayFS has been added, and Ubuntu Apport has been added to the whitelist.

Source: opennet.ru
