Use LKM to change the linux default security level
Source: Internet
Author: User
Article Title: Use LKM to change the default linux security level. Linux is a technology channel of the IT lab in China. Includes basic categories such as desktop applications, Linux system management, kernel research, embedded systems, and open source.
The default security level of Linux is 0. If you upgrade it to 1, the system security can be improved to a certain extent.
When the value is 1, it will prohibit modification of the immutable and append-only bits of files in the ex2fs system, and prohibit Loading
/Remove module. So we can use chattr + I first. Dynamically connect most executable files to the database,
Start of some important system files (inetd. conf, securetty, hosts. allow, hosts. deny, rc. d)
With the immutable bit, it is difficult for "hackers" to place Trojans and leave backdoors on your machine.
(Even if he has the root permission, he can still modify it through direct hard disk read/write, but it is troublesome and dangerous.
).
Once a hacker enters the system to obtain the root user, the system will first clear the system's record files. You can give some System Record Files
(Wtmp, messages, syslog...) adds append-only bits so that "hackers" cannot modify them easily.
They are much easier .:-)
You can directly modify the kernel source code to change the security level.
Set securelevel to 1. However, if you want to change the security level, you need to re-compile the kernel. I am too lazy and don't want
Please .:-)
Why not use a module? I wrote a simple lkm and a client program to complete the security level switching.
Method: insmod lkm; clt-h;
Note: common users can also perform clt to switch the security level, so it is best to add a password check in clt and lkm,
Execution is not allowed if the password is incorrect .:-)
These two programs are compiled and run under Redhat 5.2 (2.0.36). For the 2.2.x kernel, securelevel
Changed to securebits. Simply changing it to 1 will disable setuid (), so that ordinary users cannot
Login. If you are familiar with 2.2.x, please don't hesitate to give us some advice to improve it together .:)
<在测试这些程序以前,请备份重要数据.本人不为运行此程序带来的任何损失负责.>
(Once securelevel = 1, the kernel will not be allowed to load modlue, so your kerneld may not be
It works normally and you are not allowed to access/dev/kmem, so some programs that use svgalib cannot work normally.
, Like zgv or something. However, this is a security risk, so it won't work well if you don't work)
(For more information about chattr and lsaddr, see man chattr and man lsattr)
Warning3@hotmail.com
/**************************** Lkm. c ********************************/
/* Simple lkm to secure Linux.
* This module can be used to change the securelevel of Linux.
* Running the client will switch the securelevel.
*
* Gcc-O3-Wall-c lkm. c
* Insmod lkm
*
* It is tested in Redhat 5.2 (2.0.36 ).
* (It shoshould be modified if you want to run it in 2.2.x kernel ).
* It is really very simple, but we just for educational purposes .:-)
*
* Warning3@hotmail.com
*/
# Define MODULE
# Define _ KERNEL __
# Include
# Include
# Include
# Include
# Include
# Include
# Include
# Include
# Include
# Include
# Include
# Include
# Include
# Include
# Include
# Define _ NR_secureswitch 250
Extern void * sys_call_table [];
Int sys_secureswitch (int secure)
{
If (secure = 0) securelevel = 0;
If (secure = 1) securelevel = 1;
Return securelevel;
}
Int init_module (void)
{
Sys_call_table [_ NR_secureswitch] = (void *) sys_secureswitch;
Return 0;
}
Void cleanup_module (void)
{
Sys_call_table [_ NR_secureswitch] = NULL;
Return;
}
/************************ Clt. c **************************/
/*
* This client can switch the secure level of Linux.
*
* Gcc-O3-Wall-o clt. c
* Usage: clt-h/-l
*-H switch to the high secure level.
*-L switch to the low secure level.
*
* Most of codes are ripped from smiler@tasam.com, thanks smiler .:)
* Warning3@hotmail.com
*/
# Include
# Include
# Include
# Define _ NR_secureswitch 250
Static inline _ syscall1 (int, secureswitch, int, command );
Int main (int argc, char ** argv)
{
Int ret, level = 0;
If (argc <2)
{
Fprintf (stderr, "Usage: % s [-h/-l] n", argv [0]);
Exit (-1 );
}
If (argv [1] [1] = h) level ++;
Else if (argv [1] [1]! = L)
{
Fprintf (stderr, "Usage: % s [-h/-l] n", argv [0]);
Exit (-1 );
}
Ret = secureswitch (level );
If (ret <0)
Printf ("Hmmm... It seemed that our lkm hasnt been loaded ..;-) n ");
Else {
If (ret = 0 ){
Puts ("Now the secure level is changed to 0! N ");
} Else {
Puts ("Now the secure level is chagned to 1! N ");
}
}
Return (1 );
}
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.
