LKRG 0.8 module released to protect against exploitation of vulnerabilities in the Linux kernel

The Openwall Project has published the release of the kernel module LKRG 0.8 (Linux Kernel Runtime Guard), designed to detect and block attacks and violations of the integrity of kernel structures. For example, the module can protect against unauthorized changes to the running kernel and against attempts to change the permissions of user processes (detecting the use of exploits). The module is suitable both for organizing protection against already known exploits for the Linux kernel (for example, in situations where it is difficult to update the kernel on the system) and for countering exploits for vulnerabilities that are not yet known. The project code is distributed under the GPLv2 license.

Among the changes in the new version:

  • The positioning of the LKRG project has changed: it is no longer divided into separate subsystems for integrity checking and exploit detection, but is presented as a complete product for identifying attacks and various integrity violations;
  • Compatibility is provided with Linux kernels from 5.3 to 5.7, as well as with kernels compiled with aggressive GCC optimizations, without the CONFIG_USB and CONFIG_STACKTRACE options or with the CONFIG_UNWINDER_ORC option, and with kernels that lack some of the functions LKRG hooks, where those hooks can be dispensed with;
  • At build time, some required CONFIG_* kernel settings are checked in order to produce meaningful error messages instead of crashes;
  • Added support for standby (ACPI S3, suspend to RAM) and hibernation (S4, suspend to disk) modes;
  • Added DKMS support to the Makefile;
  • Experimental support for 32-bit ARM platforms has been implemented (tested on a Raspberry Pi 3 Model B). The previously available AArch64 (ARM64) support has been extended to provide compatibility with the Raspberry Pi 4 board;
  • New hooks have been added, including a handler for the capable() call, for better detection of exploits that manipulate "capabilities" rather than process IDs (credentials);
  • New logic has been implemented for detecting escapes from namespace restrictions (for example, from Docker containers);
  • On x86-64 systems, the SMAP (Supervisor Mode Access Prevention) bit is checked and used; it is designed to block access to user-space data from privileged code running at the kernel level. SMEP (Supervisor Mode Execution Prevention) protection was implemented earlier;
  • At run time, LKRG settings are placed in a memory page that is read-only most of the time;
  • Logging of information that could be most useful for attacks (for example, information about addresses in the kernel) is limited to debugging mode (log_level = 4 and higher), which is disabled by default;
  • The scalability of the process tracking database has been improved: instead of a single RB tree protected by one spinlock, a hash table of 512 RB trees protected by 512 read-write locks is used;
  • A mode has been implemented and enabled by default in which the integrity of process credentials is most often checked only for the current task, and optionally also for tasks being activated (waking up). For other tasks, which are sleeping or running without accessing the kernel APIs controlled by LKRG, the check is performed less often;
  • Added new sysctl and module parameters for fine-tuning LKRG, as well as two sysctls for simplified configuration by choosing from sets of fine-tuning settings (profiles) prepared by the developers;
  • The default settings have been changed to achieve a more balanced compromise between the speed of violation detection and the effectiveness of the response, on the one hand, and the impact on performance and the risk of false positives, on the other;
  • The systemd unit file has been reworked to load the LKRG module early in the boot process (a kernel command line option can be used to disable the module).

Taking into account the optimizations introduced in the new release, the performance reduction when using LKRG 0.8 is estimated at approximately 2.5% in the default mode ("heavy") and 2% in the light mode ("light").

In a recently conducted study of the effectiveness of rootkit detection packages, LKRG showed the best results, identifying 8 out of 9 tested kernel-level rootkits without false positives (the rootkits Diamorphine, Honey Pot Bears, LilyOfTheValley, Nuk3 Gh0st, Puszek, Reptile, Rootfoo Linux Rootkit and Sutekh were identified, but Keysniffer, which is a keylogger module rather than a rootkit in the strict sense, was missed). For comparison, the AIDE, OSSEC and Rootkit Hunter packages detected 2 out of 9 rootkits, while Chkrootkit detected none. At the same time, LKRG does not support detection of rootkits in user space, so the highest effectiveness is achieved by using a combination of AIDE and LKRG, which makes it possible to identify 14 out of 15 rootkits of all types.

Additionally, it can be noted that the developer of the Whonix distribution has begun building ready-made packages with DKMS for Debian, Whonix, Qubes and Kicksecure, and the package for Arch Linux has already been updated to version 0.8. Packages with LKRG are also available in ALT Linux and AstraLinux.

Integrity checking in LKRG is performed by comparing the actual code and data of the kernel and modules, some important data structures and CPU settings against stored hashes or copies of the corresponding memory areas, data structures or registers. Checks are triggered both periodically by a timer and upon the occurrence of various events.

Detection of possible exploit use and blocking of attacks take place at the stage before the kernel grants access to a resource (for example, before opening a file), but after the process has obtained unauthorized permissions (for example, a changed UID). When unauthorized behavior is detected, the process is forcibly terminated by default, which is sufficient to block many exploits.
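A simplified model of the credential check described above, written here as an added example and not taken from LKRG itself: the guard remembers each task's credentials in a 512-bucket table (mirroring the 512 RB trees mentioned earlier), updates them only when a hooked kernel API changes them, and compares UID and capabilities against the stored copy before a resource is granted, terminating the task on a mismatch. It assumes a kernel that notifies the guard at fork/exec, on hooked credential APIs and before resource access; the `CredGuard` class and the PIDs used are constructed for the example.

```python
# Added example, not LKRG's code. Assumes the kernel notifies the guard at
# fork/exec, on hooked credential APIs, and just before granting resource access.
from dataclasses import dataclass, replace

NBUCKETS = 512  # the release uses 512 RB trees in a hash table; dicts stand in here

@dataclass(frozen=True)
class Creds:
    uid: int
    euid: int
    caps: frozenset  # effective capabilities, e.g. {"CAP_SYS_ADMIN"}

class CredGuard:
    def __init__(self):
        self.buckets = [dict() for _ in range(NBUCKETS)]
        self.killed = []  # (pid, stored, live) for every terminated task

    def _bucket(self, pid):
        return self.buckets[pid % NBUCKETS]

    def track(self, pid, creds):
        """Remember the credentials the kernel assigned at fork/exec."""
        self._bucket(pid)[pid] = creds

    def on_hooked_api(self, pid, new_creds):
        """Legitimate change through a hooked kernel path (setuid, capset, ...)."""
        self._bucket(pid)[pid] = new_creds

    def on_resource_access(self, pid, live_creds):
        """Called before access is granted; True allows, False means the task was killed."""
        stored = self._bucket(pid).get(pid)
        if stored is None or live_creds == stored:
            return True
        # Creds differ from the last hooked change: something edited them directly
        # (exploit or rootkit). Terminate the task, as LKRG does by default.
        self.killed.append((pid, stored, live_creds))
        del self._bucket(pid)[pid]
        return False

def demo():
    """Constructed scenario: one legitimate privilege change, one forged one."""
    g = CredGuard()
    user = Creds(uid=1000, euid=1000, caps=frozenset())
    g.track(4242, user)
    g.track(4242 + NBUCKETS, user)  # collides into the same bucket, tracked separately
    root = replace(user, uid=0, euid=0, caps=frozenset({"CAP_SYS_ADMIN"}))
    g.on_hooked_api(4242 + NBUCKETS, root)  # e.g. a setuid binary
    legit = g.on_resource_access(4242 + NBUCKETS, root)
    forged = g.on_resource_access(4242, root)  # creds raised without any hook firing
    return legit, forged, len(g.killed)
```

The real module compares far more state (kernel text, data structures, CPU bits) and does so from timer and event hooks; this model only shows why a privilege change that bypasses the hooked APIs is caught at the next resource access.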

Source: opennet.ru
