Release of the LKRG 0.8 module for protection against exploitation of vulnerabilities in the Linux kernel

The Openwall project has published the release of the kernel module LKRG 0.8 (Linux Kernel Runtime Guard), designed to detect and block attacks and violations of the integrity of kernel structures. For example, the module can protect against unauthorized changes to a running kernel and attempts to change the privileges of user processes (detecting the use of exploits). The module is suitable both for organizing protection against already known exploits for the Linux kernel (for example, in situations where updating the kernel on a system is problematic) and for countering exploits for as yet unknown vulnerabilities. The project code is distributed under the GPLv2 license.

Among the changes in the new version:

  • The positioning of the LKRG project has changed: it is no longer divided into separate subsystems for integrity checking and exploit detection, but is presented as a complete product for detecting attacks and various integrity violations;
  • Compatibility is provided with Linux kernels from 5.3 to 5.7, as well as with kernels compiled with aggressive GCC optimization modes, without the CONFIG_USB and CONFIG_STACKTRACE options or with the CONFIG_UNWINDER_ORC option, and with kernels lacking functions that LKRG hooks, when those can be done without;
  • At build time, some mandatory CONFIG_* kernel settings are checked so that meaningful error messages are produced instead of obscure failures;
  • Added support for standby (ACPI S3, suspend to RAM) and hibernation (S4, suspend to disk) modes;
  • Added DKMS support to the Makefile;
  • Experimental support for 32-bit ARM platforms has been implemented (tested on a Raspberry Pi 3 Model B). The previously available AArch64 (ARM64) support has been extended to provide compatibility with the Raspberry Pi 4 board;
  • New hooks have been added, including a handler for the capable() call, to better detect exploits that manipulate "capabilities" rather than process identifiers (credentials);
  • New logic has been proposed for detecting attempts to escape namespace restrictions (for example, from Docker containers);
  • On x86-64 systems, the SMAP (Supervisor Mode Access Prevention) bit is checked and enforced; it is intended to block access to user-space data from privileged code running at the kernel level. SMEP (Supervisor Mode Execution Prevention) protection was implemented earlier;
  • During operation, LKRG settings are placed in a memory page that is normally read-only;
  • Log information that could be most useful for attacks (for example, information about kernel addresses) is restricted to debug mode (log_level=4 and above), which is disabled by default;
  • The scalability of the process tracking database has been improved: instead of a single RB tree protected by a single spinlock, a hash table of 512 RB trees protected by 512 read-write locks is used;
  • A mode has been implemented and enabled by default in which the integrity of process identifiers is checked more often only for the current task, and optionally for tasks being activated (wake-up). For other tasks, which are sleeping or running without calling the kernel API monitored by LKRG, the check is performed less frequently;
  • New sysctl and module parameters have been added for fine-tuning LKRG, along with two sysctls for simplified configuration by selecting from sets of fine-tuning settings (profiles) prepared by the developers;
  • The default settings have been changed to achieve a more balanced trade-off between the speed of violation detection and the effectiveness of the response on the one hand, and the performance impact and the risk of false positives on the other;
  • The systemd unit file has been reworked to load the LKRG module at an early boot stage (the kernel command line can be used to disable the module).

Taking into account the optimizations introduced in the new release, the performance decrease when using LKRG 0.8 is estimated at 2.5% in the default ("heavy") mode and 2% in the lightweight ("light") mode.

In a recently conducted study of the effectiveness of rootkit detection packages, LKRG showed the best results, detecting 8 of the 9 tested kernel-level rootkits without false positives (the rootkits Diamorphine, Honey Pot Bears, LilyOfTheValley, Nuk3 Gh0st, Puszek, Reptile, Rootfoo Linux Rootkit and Sutekh were detected, but Keysniffer, which is a kernel module with a keylogger rather than a rootkit in the strict sense, was missed). For comparison, the AIDE, OSSEC and Rootkit Hunter packages detected 2 of the 9 rootkits, and Chkrootkit detected none. At the same time, LKRG does not support detection of rootkits residing in user space, so the greatest effectiveness is achieved when AIDE and LKRG are used together, which made it possible to detect 14 of the 15 rootkits of all types.

Additionally, it can be noted that the developer of the Whonix distribution has started building ready-made DKMS packages for Debian, Whonix, Qubes and Kicksecure, and the Arch Linux package has been updated to version 0.8. Packages with LKRG are also available in the Russian distributions ALT Linux and AstraLinux.

Integrity checking in LKRG is performed by comparing the actual code and data of the kernel and modules, some important data structures and CPU settings with stored hashes or copies of the corresponding memory areas, data structures or registers. The checks are triggered periodically by a timer and upon the occurrence of various events.
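To make the baseline-and-recheck idea concrete, here is an added userspace illustration in C. It is not LKRG's code: the regions (a constructed "kernel .text" buffer and a constructed "sys_call_table" array), the `struct guard` API and the use of a plain FNV-1a hash in place of a keyed or cryptographic one are all assumptions made for the example. The logic it shows is the one the paragraph describes: hash each protected region once while it is trusted, then re-hash on a timer tick or event and report any region whose contents no longer match.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Added illustration, not LKRG's code. Each "region" stands in for kernel
 * text, a module's code, a critical data structure or a register image;
 * a baseline hash is taken once and re-verified later. */

#define MAX_REGIONS 8

struct region {
    const char *name;
    const uint8_t *addr;
    size_t len;
    uint64_t baseline;   /* hash recorded while the region was trusted */
};

struct guard {
    struct region regions[MAX_REGIONS];
    size_t count;
};

/* 64-bit FNV-1a. A real guard would use a keyed or cryptographic hash;
 * the compare-against-baseline logic is unchanged. */
static uint64_t fnv1a64(const uint8_t *p, size_t n)
{
    uint64_t h = 0xcbf29ce484222325ULL;
    for (size_t i = 0; i < n; i++) {
        h ^= p[i];
        h *= 0x100000001b3ULL;
    }
    return h;
}

/* Register a region and record its trusted hash. Returns 0 on success. */
int guard_register(struct guard *g, const char *name, const void *addr, size_t len)
{
    if (g->count >= MAX_REGIONS)
        return -1;
    struct region *r = &g->regions[g->count++];
    r->name = name;
    r->addr = addr;
    r->len = len;
    r->baseline = fnv1a64(addr, len);
    return 0;
}

/* Re-hash every region (the timer/event path). Returns the number of
 * regions whose contents no longer match their baseline. */
int guard_verify(const struct guard *g)
{
    int violations = 0;
    for (size_t i = 0; i < g->count; i++) {
        const struct region *r = &g->regions[i];
        if (fnv1a64(r->addr, r->len) != r->baseline) {
            fprintf(stderr, "integrity violation: %s\n", r->name);
            violations++;
        }
    }
    return violations;
}

/* Constructed stand-in data for the demo. */
static uint8_t fake_text[64] = "constructed: kernel code bytes";
static uintptr_t fake_sys_call_table[4] = { 0x1000, 0x1010, 0x1020, 0x1030 };

/* Self-contained scenario: take a baseline, modify one table entry the
 * way an unauthorized change to a running kernel would, re-check.
 * Returns 1 when the change is detected and the clean state was clean. */
int demo_tamper_detection(void)
{
    struct guard g = { .count = 0 };
    guard_register(&g, "kernel .text", fake_text, sizeof fake_text);
    guard_register(&g, "sys_call_table", fake_sys_call_table, sizeof fake_sys_call_table);

    int before = guard_verify(&g);            /* 0: nothing changed yet */
    fake_sys_call_table[2] = 0xdead0000;      /* constructed unauthorized change */
    int after = guard_verify(&g);             /* 1: table no longer matches */

    fake_sys_call_table[2] = 0x1020;          /* restore so the demo can repeat */
    return before == 0 && after == 1;
}

int main(void)
{
    printf("tamper detected: %s\n", demo_tamper_detection() ? "yes" : "no");
    return 0;
}
```

The check is only as good as the moment the baseline is taken: if the region is already modified when `guard_register` runs, the modification is silently accepted, which is why loading such a guard early in boot (as the reworked systemd unit does for LKRG) matters.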

Detection of possible exploit use and blocking of attacks is performed at the stage before the kernel grants access to resources (for example, before opening a file), but after the process has obtained unauthorized privileges (for example, a UID change). When unauthorized behaviour is detected, processes are forcibly terminated by default, which is sufficient to block many exploits.
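The following added C example models the enforcement point described above; it is an illustration written for this page, not LKRG's implementation. The task database, the `struct cred` fields (uid, euid and a capability bitmask, covering both the credential and the capable()-style checks), the hook names and the policy of treating an untracked task as a violation are all assumptions of the model. The guard records the credentials a task is supposed to have, updates that record only through the legitimate credential-changing path it hooks, and compares the task's live credentials against the record at the resource boundary; a task whose privileges drifted without passing through that path is terminated.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Added illustration, not LKRG's code. Constructed model of
 * credential tracking with a check at the resource boundary. */

struct cred {
    uint32_t uid, euid;
    uint64_t cap_effective;   /* capability bitmask */
};

#define MAX_TASKS 16

struct tracked_task {
    int pid;
    bool in_use;
    struct cred expected;     /* what the guard recorded for this task */
};

struct task {
    int pid;
    struct cred live;         /* what the "kernel" currently holds */
};

enum verdict { ALLOW = 0, KILL = 1 };

static struct tracked_task db[MAX_TASKS];

static struct tracked_task *lookup(int pid)
{
    for (size_t i = 0; i < MAX_TASKS; i++)
        if (db[i].in_use && db[i].pid == pid)
            return &db[i];
    return NULL;
}

/* Hook on task creation: record the initial credentials. 0 on success. */
int guard_track(const struct task *t)
{
    for (size_t i = 0; i < MAX_TASKS; i++) {
        if (!db[i].in_use) {
            db[i].in_use = true;
            db[i].pid = t->pid;
            db[i].expected = t->live;
            return 0;
        }
    }
    return -1;
}

/* Hook on the legitimate credential-changing API (setuid, capset, ...):
 * the guard learns the new values, so later checks accept them. */
void guard_on_commit_creds(struct task *t, struct cred new_cred)
{
    t->live = new_cred;
    struct tracked_task *tt = lookup(t->pid);
    if (tt)
        tt->expected = new_cred;
}

static bool cred_equal(const struct cred *a, const struct cred *b)
{
    return a->uid == b->uid && a->euid == b->euid &&
           a->cap_effective == b->cap_effective;
}

/* Hook at the resource boundary (e.g. before a file open): live
 * credentials must match the recorded ones. Untracked tasks are
 * treated as a violation in this model. */
enum verdict guard_on_resource_access(const struct task *t)
{
    struct tracked_task *tt = lookup(t->pid);
    if (!tt || !cred_equal(&t->live, &tt->expected)) {
        fprintf(stderr, "pid %d: credential mismatch, terminating\n", t->pid);
        return KILL;
    }
    return ALLOW;
}

/* Constructed scenario. Returns 1 if all three verdicts are as expected. */
int demo_privilege_drift(void)
{
    struct task shell = { .pid = 1234, .live = { 1000, 1000, 0 } };
    guard_track(&shell);

    /* 1. Access with unchanged credentials: allowed. */
    int a = guard_on_resource_access(&shell) == ALLOW;

    /* 2. Privilege change through the hooked API (a legitimate setuid):
     *    the record is updated, access still allowed. */
    guard_on_commit_creds(&shell, (struct cred){ 0, 0, 0 });
    int b = guard_on_resource_access(&shell) == ALLOW;

    /* 3. Live euid changes without any hooked API call (the UID-change
     *    symptom the text describes): the task is killed at the boundary. */
    struct task victim = { .pid = 4321, .live = { 1000, 1000, 0 } };
    guard_track(&victim);
    victim.live.euid = 0;
    int c = guard_on_resource_access(&victim) == KILL;

    return a && b && c;
}

int main(void)
{
    printf("model behaves as expected: %s\n", demo_privilege_drift() ? "yes" : "no");
    return 0;
}
```

Placing the check at the resource boundary rather than at the moment credentials change is what lets the guard catch privilege gained through paths it never hooked: it does not need to see the change happen, only to notice that the live state disagrees with the record before the kernel acts on it.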

Source: opennet.ru
