Release of the LKRG 0.8 kernel module for protection against exploitation of vulnerabilities in the Linux kernel.

The Openwall project has published the release of the kernel module LKRG 0.8 (Linux Kernel Runtime Guard), designed to detect and block attacks and violations of the integrity of kernel structures. For example, the module can protect against unauthorized modifications of the running kernel and against attempts to change the permissions of user processes (detection of exploit use). The module is suitable both for organizing protection against already known exploits for the Linux kernel (for example, in situations where it is difficult to update the kernel on a system) and for countering exploits for yet unknown vulnerabilities. The project code is distributed under the GPLv2 license.

Among the changes in the new version:

  • The positioning of the LKRG project has changed: it is no longer split into separate subsystems for integrity checking and exploit detection, but is presented as a complete product for detecting attacks and various integrity violations;
  • Compatibility is provided with Linux kernels from 5.3 to 5.7, as well as with kernels built with aggressive GCC optimizations, without the CONFIG_USB and CONFIG_STACKTRACE options or with the CONFIG_UNWINDER_ORC option, and with kernels that lack the functions LKRG hooks;
  • At build time, some mandatory CONFIG_* settings are checked so that meaningful error messages are produced instead of obscure failures;
  • Added support for standby (ACPI S3, suspend to RAM) and hibernation (S4, suspend to disk) modes;
  • Added DKMS support to the Makefile;
  • Experimental support for 32-bit ARM platforms has been implemented (tested on a Raspberry Pi 3 Model B). The existing AArch64 (ARM64) support has been extended to provide compatibility with the Raspberry Pi 4 board;
  • Added new hooks, including one for the capable() call, to better identify exploits that manipulate "capabilities" rather than process IDs (credentials);
  • New logic has been proposed for detecting attempts to escape namespace restrictions (for example, from Docker containers);
  • On x86-64 systems, the SMAP (Supervisor Mode Access Prevention) bit is checked and enforced; it is designed to block access to user-space data from privileged code running at the kernel level. SMEP (Supervisor Mode Execution Prevention) protection was implemented earlier;
  • At runtime, LKRG settings are placed in a memory page that is normally read-only;
  • Logging of information that could be most useful for attacks (for example, information about addresses in the kernel) is limited to the debugging mode (log_level=4 and higher), which is disabled by default;
  • The scalability of the process tracking database has been increased: instead of a single RB tree protected by a single spinlock, a hash table of 512 RB trees protected by 512 read-write locks is used;
  • A mode has been implemented and enabled by default in which the integrity of process credentials is most often checked only for the current task, and optionally for active (woken) tasks. For other tasks that are in the sleeping state or are running without access to the kernel API controlled by LKRG, the check is performed less frequently;
  • New sysctl and module parameters for fine-tuning LKRG, as well as two sysctls for simplified configuration by choosing from sets of fine-tuning settings (profiles) prepared by the developers;
  • The default settings have been changed to achieve a more balanced trade-off between the speed of detecting violations and the effectiveness of the response, on the one hand, and the performance impact and the risk of false positives, on the other;
  • The systemd unit file has been reworked to load the LKRG module early at boot (a kernel command line option can be used to disable the module);

Taking into account the optimizations proposed in the new release, the performance degradation when using LKRG 0.8 is estimated at 2.5% in the default ("heavy") mode and 2% in the lightweight ("light") mode.

In a recent study of the effectiveness of rootkit detection packages, LKRG showed excellent results, detecting 8 of the 9 tested kernel-level rootkits without false positives (the rootkits Diamorphine, Honey Pot Bears, LilyOfTheValley, Nuk3 Gh0st, Puszek, Reptile, Rootfoo Linux Rootkit and Sutekh were detected, while Keysniffer, which is a kernel-module keylogger rather than a rootkit in the strict sense, was missed). For comparison, the AIDE, OSSEC and Rootkit Hunter packages detected 2 of the 9 rootkits, while Chkrootkit detected none. At the same time, LKRG does not support detecting rootkits placed in user space, so the greatest effectiveness is achieved by combining AIDE and LKRG, which makes it possible to detect 14 of the 15 rootkits of all types.

In addition, it can be noted that the developer of the Whonix distribution has begun building ready-made DKMS packages for Debian, Whonix, Qubes and Kicksecure, and the Arch Linux package has already been updated to version 0.8. Packages with LKRG are also available for the Russian ALT Linux and Astra Linux.

Integrity checking in LKRG is performed by comparing the actual code and data of the kernel and modules, some important data structures and CPU settings with stored hashes or copies of the corresponding memory areas, data structures or registers. Checks are triggered periodically by a timer and upon the occurrence of various events.

Detection of possible exploit use and blocking of attacks is carried out at the stage before the kernel grants access to resources (for example, before opening a file), but after the process has obtained unauthorized permissions (for example, a changed UID). When unauthorized behaviour is detected, processes are forcibly terminated by default, which is enough to block many exploits.
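The two mechanisms described above, the hashed snapshot of protected memory and the credential check taken before a resource access, modelled in a small user-space C program. This is an added illustration, not LKRG's own code: the "kernel text" region, the FNV-1a hash and the shadow-credential table are constructed stand-ins for what LKRG does inside the kernel.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* FNV-1a over a memory region; stands in for the hash LKRG keeps of kernel text. */
static uint64_t fnv1a(const void *p, size_t n) {
    const uint8_t *b = p;
    uint64_t h = 1469598103934665603ULL;
    for (size_t i = 0; i < n; i++) { h ^= b[i]; h *= 1099511628211ULL; }
    return h;
}

/* Constructed stand-in for a read-only kernel region plus its reference hash. */
static uint8_t kernel_text[32] = "syscall_table_entry_constructed";
static uint64_t text_ref;
void lkrg_snapshot(void) { text_ref = fnv1a(kernel_text, sizeof kernel_text); }
/* Timer- or event-triggered check: returns 1 on an integrity violation. */
int lkrg_integrity_check(void) { return fnv1a(kernel_text, sizeof kernel_text) != text_ref; }

/* Shadow credentials: updated only at task creation and on the hooked setuid path. */
typedef struct { int pid; unsigned uid; } cred_t;
#define MAX_TASKS 8
static cred_t shadow[MAX_TASKS];
static int ntasks;
static cred_t *find_shadow(int pid) {
    for (int i = 0; i < ntasks; i++) if (shadow[i].pid == pid) return &shadow[i];
    return NULL;
}
void lkrg_track(const cred_t *c) { if (!find_shadow(c->pid) && ntasks < MAX_TASKS) shadow[ntasks++] = *c; }
void lkrg_on_setuid(const cred_t *c) { cred_t *s = find_shadow(c->pid); if (s) s->uid = c->uid; }
/* Hook before a resource access (e.g. open): 1 = creds changed outside the hooked path, kill task. */
int lkrg_cred_check(const cred_t *c) { cred_t *s = find_shadow(c->pid); return !s || s->uid != c->uid; }

int main(void) {
    lkrg_snapshot();
    cred_t task = { 100, 1000 };
    lkrg_track(&task);
    task.uid = 0; lkrg_on_setuid(&task);        /* legitimate setuid: shadow follows */
    printf("after setuid: %s\n", lkrg_cred_check(&task) ? "KILL" : "ok");
    cred_t victim = { 101, 1000 };
    lkrg_track(&victim);
    victim.uid = 0;                             /* creds overwritten without taking the hook */
    printf("after direct write: %s\n", lkrg_cred_check(&victim) ? "KILL" : "ok");
    kernel_text[0] ^= 0xff;                     /* simulated patch of kernel code */
    printf("integrity: %s\n", lkrg_integrity_check() ? "VIOLATION" : "ok");
    return 0;
}
```

The point of the model is the ordering: the check runs at the access hook, after a credential change has happened, so a change that did not pass through the legitimate setuid path is caught before any resource is granted.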

Source: opennet.ru
