Release of the LKRG 0.9.4 module to protect against exploitation of vulnerabilities in the Linux kernel

The Openwall project has released LKRG 0.9.4 (Linux Kernel Runtime Guard), a kernel module designed to detect and block attacks and violations of the integrity of kernel structures. For example, the module can protect against unauthorized changes to the running kernel and against attempts to change the permissions of user processes (exploit detection). The module is suitable both for protecting against exploits of already known Linux kernel vulnerabilities (for example, when updating the kernel on a system is problematic) and for countering exploits of as yet unknown vulnerabilities. The project code is distributed under the GPLv2 license. The features of the LKRG implementation are described in the first announcement of the project.

Among the changes in the new version:

  • Added support for the OpenRC init system.
  • Added compatibility with Linux 5.15.40+ LTS kernels.
  • The format of messages written to the log has been redesigned to simplify automated analysis and to make the messages easier to read during manual review.
  • LKRG messages have their own log categories, making them easy to separate from the rest of the kernel messages.
  • The kernel module has been renamed from p_lkrg to lkrg.
  • Added installation instructions using DKMS.

Source: opennet.ru