Use an LKM to change the Linux default security level

Source: Internet
Author: User


The default securelevel of Linux is 0. Raising it to 1 improves the system's security to a certain extent.
When the value is 1, the kernel prohibits changing the immutable and append-only bits of files on ext2 filesystems, and prohibits loading or removing modules. So we can use chattr +i <file> to set the immutable bit on most executables, on the dynamically linked libraries, and on some important system and startup files (inetd.conf, securetty, hosts.allow, hosts.deny, rc.d), which makes it difficult for "hackers" to plant Trojans and leave backdoors on your machine. (Even with root permission they could still modify those files by reading and writing the disk directly, but that is troublesome and dangerous.)
Once a hacker gets into the system and obtains root, the first thing they do is clear the system's log files. You can add the append-only bit to some system log files (wtmp, messages, syslog...) so that "hackers" cannot modify them easily. That makes things much easier for us. :-)
You can set securelevel to 1 by directly modifying the kernel source code. However, then every time you want to change the security level you have to recompile the kernel. I am too lazy for that. :-)
Why not use a module instead? I wrote a simple LKM and a client program that switch the securelevel.

Method: insmod lkm; clt -h

Note: ordinary users can also run clt to switch the securelevel, so it is best to add a password check to clt and the LKM and refuse to execute when the password is wrong. :-)
These two programs were compiled and run under Red Hat 5.2 (kernel 2.0.36). In the 2.2.x kernel, securelevel was replaced by securebits; simply setting it to 1 disables setuid(), so ordinary users cannot log in. If you are familiar with 2.2.x, please don't hesitate to offer advice so we can improve it together. :)

<Before testing these programs, back up your important data. I am not responsible for any losses incurred by running them.>

(Once securelevel = 1, the kernel no longer allows modules to be loaded, so your kerneld may not work normally; access to /dev/kmem is not allowed either, so some programs that use svgalib, like zgv, cannot work normally. But those are security risks in themselves, so it is no great loss if they do not work.)
(For more information about chattr and lsattr, see man chattr and man lsattr.)
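As an added example (not part of the original post), here is a small audit script that reads lsattr output and reports which of the files the post tells you to protect are missing the recommended bit: +i on the configuration files, +a on the logs. The post names the files only; their /etc and /var/log locations are assumed here.

```python
"""Audit helper (added example, not from the original post): parse lsattr
output and report files that lack the bit the post recommends for them."""

# Files the post names -> bit each should carry: 'i' (immutable) for config
# files, 'a' (append-only) for logs. The /etc and /var/log paths are assumed.
EXPECTED_BITS = {
    "/etc/inetd.conf": "i",
    "/etc/securetty": "i",
    "/etc/hosts.allow": "i",
    "/etc/hosts.deny": "i",
    "/var/log/wtmp": "a",
    "/var/log/messages": "a",
    "/var/log/syslog": "a",
}

def parse_lsattr(output):
    """Map path -> set of attribute letters from `lsattr` text output.
    A line is a flags field ('----i---' on old kernels, longer on modern ones,
    '-' = clear) followed by one space and the path."""
    attrs = {}
    for line in output.splitlines():
        line = line.strip()
        if not line or line.startswith("lsattr:"):  # blank or error line
            continue
        flags, _, path = line.partition(" ")
        attrs[path] = {c for c in flags if c != "-"}
    return attrs

def find_unprotected(output, expected=EXPECTED_BITS):
    """Sorted (path, missing_bit) pairs for files whose required bit is
    clear or which are absent from the output altogether."""
    attrs = parse_lsattr(output)
    return sorted((path, bit) for path, bit in expected.items()
                  if bit not in attrs.get(path, set()))

# Constructed sample lsattr output (not real system data). securetty and
# messages have no bits; syslog has +i instead of the recommended +a.
SAMPLE_LSATTR = """\
----i----------- /etc/inetd.conf
---------------- /etc/securetty
----i----------- /etc/hosts.allow
----i----------- /etc/hosts.deny
-----a---------- /var/log/wtmp
---------------- /var/log/messages
----i----------- /var/log/syslog
"""
if __name__ == "__main__":
    for path, bit in find_unprotected(SAMPLE_LSATTR):
        print(f"{path}: missing +{bit}  (fix: chattr +{bit} {path})")
```

On a real host, feed it the output of lsattr run over the same paths; once securelevel is 1, the listed chattr fixes can no longer be applied until you lower it again.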

Warning3@hotmail.com

/**************************** lkm.c ********************************/

/* Simple lkm to secure Linux.
 * This module can be used to change the securelevel of Linux.
 * Running the client will switch the securelevel.
 *
 * gcc -O3 -Wall -D__KERNEL__ -DMODULE -c lkm.c
 * insmod lkm
 *
 * It is tested in Redhat 5.2 (2.0.36).
 * (It should be modified if you want to run it in 2.2.x kernel).
 * It is really very simple, but we just for educational purposes. :-)
 *
 * Warning3@hotmail.com
 */

#include <linux/module.h>
#include <linux/kernel.h>
#include <linux/sched.h>     /* declares the kernel's securelevel variable (2.0.x) */
#include <linux/unistd.h>

/* __NR_secureswitch is the syscall slot this module takes over. The original
 * post does not show its value; it must be defined as an unused entry of the
 * syscall table (e.g. in unistd.h) before building both lkm.c and clt.c. */

extern void *sys_call_table[];

/* New syscall: 0 -> securelevel 0, 1 -> securelevel 1, anything else leaves
 * it untouched. Always returns the current securelevel. */
asmlinkage int sys_secureswitch(int secure)
{
    if (secure == 0) securelevel = 0;
    if (secure == 1) securelevel = 1;
    return securelevel;
}

int init_module(void)
{
    /* Hook our handler into the free syscall slot. */
    sys_call_table[__NR_secureswitch] = (void *)sys_secureswitch;
    return 0;
}

void cleanup_module(void)
{
    /* Empty the slot again; the 2.0.x syscall entry returns -ENOSYS for a NULL entry. */
    sys_call_table[__NR_secureswitch] = NULL;
}

/************************ clt.c **************************/

/*
 * This client can switch the secure level of Linux.
 *
 * gcc -O3 -Wall -o clt clt.c
 * Usage: clt -h/-l
 *   -h  switch to the high secure level.
 *   -l  switch to the low secure level.
 *
 * Most of codes are ripped from smiler@tasam.com, thanks smiler. :)
 * Warning3@hotmail.com
 */

#include <stdio.h>
#include <stdlib.h>
#include <errno.h>          /* the _syscall1 stub stores the kernel error in errno */
#include <linux/unistd.h>   /* _syscall1 macro; __NR_secureswitch must be defined here */

/* Expands to: int secureswitch(int command), which traps into the kernel with
 * syscall number __NR_secureswitch (the slot that lkm.c hooks). */
static inline _syscall1(int, secureswitch, int, command);

static void usage(const char *prog)
{
    fprintf(stderr, "Usage: %s [-h/-l]\n", prog);
    exit(-1);
}

int main(int argc, char **argv)
{
    int ret, level = 0;

    if (argc < 2 || argv[1][0] != '-')
        usage(argv[0]);

    if (argv[1][1] == 'h')
        level++;                    /* -h: securelevel 1 */
    else if (argv[1][1] != 'l')     /* anything but -l is an error */
        usage(argv[0]);

    ret = secureswitch(level);

    if (ret < 0)
        printf("Hmmm... It seemed that our lkm hasn't been loaded.. ;-)\n");
    else if (ret == 0)
        puts("Now the secure level is changed to 0!");
    else
        puts("Now the secure level is changed to 1!");

    return 0;
}

(Source: viphot)
