The default securelevel of Linux is 0. Raising it to 1 improves system security to a certain extent: at securelevel 1 the kernel refuses to change the immutable and append-only bits of files on ext2 filesystems, and refuses to load or remove modules. We can therefore use chattr +i to set the immutable bit on most dynamically linked executables and on some important system files (inetd.conf, securetty, hosts.allow, hosts.deny, the rc.d start scripts ...), which makes it difficult for "hackers" to plant Trojans and leave backdoors on your machine, even with root privileges. (Of course the files can still be modified by reading and writing the hard disk directly, but that is troublesome and dangerous.)
Once a hacker gets into the system and obtains root, the first thing he clears is the system's log files. You can give some of the log files (wtmp, messages, syslog ...) the append-only bit so that "hackers" cannot easily modify them, which makes catching them much easier. :-) The securelevel can be changed directly in the kernel source: set securelevel to 1 in linux/kernel/sched.c. But then every change of the securelevel means recompiling the kernel. I am lazy and did not want that much trouble. :-) Why not use a module? I wrote a simple lkm and a client program to switch the securelevel.
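An added example, not from the original article, of checking that the policy above actually holds: a small C audit tool that reads each file's attribute flags with the FS_IOC_GETFLAGS ioctl (the same call lsattr uses; taken here from the modern <linux/fs.h> header rather than the 2.0-era ext2_fs.h) and reports any listed config file that lacks +i and any log file that lacks +a. The file lists are the ones named in the text; the function names (flags_ok, get_flags, audit) and the Red Hat paths are my own assumptions.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/ioctl.h>
#include <linux/fs.h>   /* FS_IOC_GETFLAGS, FS_IMMUTABLE_FL, FS_APPEND_FL */

/* 1 if every bit in 'required' is set in 'flags', else 0. Pure, so it can be
 * tested without touching the filesystem. */
int flags_ok(unsigned long flags, unsigned long required)
{
    return (flags & required) == required;
}

/* Reads the inode attribute flags of path with the same ioctl lsattr(1)
 * uses. Returns 0 on success, -1 on failure with errno set. */
int get_flags(const char *path, unsigned long *flags)
{
    int f = 0, fd = open(path, O_RDONLY | O_NONBLOCK);
    if (fd < 0) return -1;
    if (ioctl(fd, FS_IOC_GETFLAGS, &f) < 0) {
        int e = errno; close(fd); errno = e; return -1;
    }
    close(fd);
    *flags = (unsigned long)f;
    return 0;
}

/* Audits paths against a required flag mask, one report line per file.
 * Returns how many files lack a required bit or could not be inspected. */
int audit(const char *const *paths, int n, unsigned long required, const char *what)
{
    int i, bad = 0;
    unsigned long flags;
    for (i = 0; i < n; i++) {
        if (get_flags(paths[i], &flags) < 0) { perror(paths[i]); bad++; }
        else if (!flags_ok(flags, required)) { printf("!! %s is not %s\n", paths[i], what); bad++; }
        else printf("ok %s\n", paths[i]);
    }
    return bad;
}

int main(void)
{   /* File lists taken from the article; paths assume a classic Red Hat layout. */
    const char *const lock[] = { "/etc/inetd.conf", "/etc/securetty",
                                 "/etc/hosts.allow", "/etc/hosts.deny" };
    const char *const logs[] = { "/var/log/wtmp", "/var/log/messages" };
    return (audit(lock, 4, FS_IMMUTABLE_FL, "immutable") +
            audit(logs, 2, FS_APPEND_FL, "append-only")) ? 1 : 0;
}
```

Run it from cron after raising the securelevel; a non-zero exit means a file lost its bit or could not be opened, which is worth investigating either way.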
Method: insmod lkm; clt -h;
Note: normal users can also run clt to switch the securelevel, so it is best to add a password check to clt and to the lkm, and refuse the switch if the password is wrong. :-)
Both programs were compiled and run on Red Hat 5.2 (kernel 2.0.36). In 2.2.x kernels securelevel has been replaced by securebits; simply setting it to 1 there would even disable setuid(), so that normal users could not log in. If you are familiar with 2.2.x, please do not hesitate to give further instructions. :)
<Before testing these programs, back up your important data. I am not responsible for any loss caused by running them.>
(Once securelevel = 1, the kernel can no longer load modules, so your kerneld may not work properly; access to /dev/kmem is also forbidden, so some programs that use svgalib, such as zgv, will not work. But those are themselves security risks, so nothing is lost if they stop working.)
(For more information about chattr and lsattr, see man chattr and man lsattr.)
Warning3@hotmail.com
/**************************** lkm.c ********************************/
/*
 * Simple lkm to secure Linux.
 * This module can be used to change the securelevel of Linux.
 * Running the client will switch the securelevel.
 *
 * gcc -O3 -Wall -c lkm.c
 * insmod lkm
 *
 * It is tested in Redhat 5.2 (2.0.36).
 * (It should be modified if you want to run it in 2.2.x kernel).
 * It is really very simple, but it is just for educational purposes. :-)
 *
 * warning3@hotmail.com
 */
#define MODULE
#define __KERNEL__
/* The original list of headers was lost in extraction; these three are the
 * minimum the module needs on a 2.0.x kernel (assumed reconstruction). */
#include <linux/module.h>
#include <linux/kernel.h>
#include <linux/sched.h>      /* declares the kernel's global 'securelevel' */

#define __NR_secureswitch 250 /* unused slot in the 2.0.36 syscall table */

extern void *sys_call_table[];

/* New system call: 0 sets securelevel 0, 1 sets securelevel 1, anything
 * else leaves it unchanged. Returns the resulting level.
 * No privilege check is done, so any user can call it (see the note above). */
int sys_secureswitch(int secure)
{
    if (secure == 0) securelevel = 0;
    if (secure == 1) securelevel = 1;
    return securelevel;
}

/* Hook the new call into the syscall table when the module is loaded. */
int init_module(void)
{
    sys_call_table[__NR_secureswitch] = (void *)sys_secureswitch;
    return 0;
}

/* Unhook it again on rmmod (only possible while securelevel is 0). */
void cleanup_module(void)
{
    sys_call_table[__NR_secureswitch] = NULL;
}
/************************ clt.c **************************/
/*
 * This client can switch the secure level of Linux.
 *
 * gcc -O3 -Wall -o clt clt.c
 * Usage: clt -h/-l
 *   -h switch to the high secure level.
 *   -l switch to the low secure level.
 *
 * Most of the code is ripped from smiler@tasam.com, thanks smiler. :)
 * warning3@hotmail.com
 */
#include <stdio.h>
#include <stdlib.h>
#include <linux/unistd.h>     /* _syscall1() macro (2.0.x kernel / old libc) */

#define __NR_secureswitch 250 /* must match the number used in lkm.c */

/* Generates a stub 'int secureswitch(int)' that traps into syscall 250. */
static inline _syscall1(int, secureswitch, int, command);

int main(int argc, char **argv)
{
    int ret, level = 0;

    if (argc < 2 || argv[1][0] != '-') {
        fprintf(stderr, "Usage: %s [-h/-l]\n", argv[0]);
        exit(-1);
    }
    if (argv[1][1] == 'h')
        level++;                /* -h: raise to securelevel 1 */
    else if (argv[1][1] != 'l') {
        fprintf(stderr, "Usage: %s [-h/-l]\n", argv[0]);
        exit(-1);
    }
    ret = secureswitch(level);  /* -1 (ENOSYS) if the lkm is not loaded */
    if (ret < 0)
        printf("Hmmm... It seems that our lkm hasn't been loaded. ;-)\n");
    else if (ret == 0)
        puts("Now the secure level is changed to 0!");
    else
        puts("Now the secure level is changed to 1!");
    return 0;
}