The Linux default security level is 0, and if you raise it to 1, you can improve the security of the system to some extent. Security level
When 1, it disables the modification of the immutable and append-only bits of the files in the EX2FS system, while also prohibiting loading
/Remove module. So we can first use chattr +i <file> will most of the executable file, dynamic Connection library,
Some important system files (INETD.CONF,SECURETTY,HOSTS.ALLOW,HOSTS.DENY,RC.D under the Kai
Move script ...) Add immutable bit, so "hacker" it is difficult to put on your machine Trojan horse and left the back door.
(Even if he has the root privileges, of course, read and write through the direct hard drive can still be modified, but more cumbersome and dangerous
).
Once the hackers enter the system and get root, they first clear the system's record file. You can give some system log files
(Wtmp,messages,syslog ...) Increase the append-only bit, so that "hackers" can not easily modify them. To catch
They are much easier.:-)
The more direct way to modify the security level is to directly modify the kernel source. The LINUX/KERNEL/SCHED.C in the
The Securelevel is set to 1. But if you want to change the security level, you need to recompile the kernel, I'm too lazy to
Trouble.:-)
Why not use module? I wrote a very simple lkm and a client program to complete the security level switch.
Methods: Insmod lkm; Clt-h;
Note: Ordinary users can also perform CLT to switch security levels, so it is best to add a section of password checking in CLT and lkm.
Do not allow execution if the password is not correct.:-)
The two programs are compiled and run through Redhat 5.2 (2.0.36). For the 2.2.x kernel, securelevel
into a securebits, simple to change it to 1, will not even setuid () are banned, so that ordinary users can not
Landed. If who is familiar with the 2.2.x, please do not hesitate to enlighten, common improvement.:)
< before you test these programs, back up your important data. I am not responsible for any loss caused by running this program .>
(Once Securelevel=1,kernel will not be allowed to load modlue, your kerneld may not be
Often works and prohibits you from accessing/dev/kmem, so some programs that use svgalib do not work properly.
, like ZGV or something. But this is inherently a security risk, so do not work do not work well, hehe
(About CHATTR,LSADDR Please man chattr and man lsattr)
/* Simple lkm to secure Linux.
* This module can is used to change the securelevel of Linux.
* Running The client would switch the Securelevel.
*
* Gcc-o3-wall-c LKM.C
* Insmod Lkm
*
* It is tested in Redhat 5.2 (2.0.36).
* (It should be modified if you are want to run it in 2.2.x kernel).
* It is really very simple,but we just for educational purposes.:-)
*
*warning3@hotmail.com
*/
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.