Pulse of Truth

1600 readers

77 users here now

Cyber Security news and links to cyber security stories that could make you go hmmm. The content is exactly as it is consumed through RSS feeds and wont be edited (except for the occasional encoding errors).

This community is automagically fed by an instance of Dittybopper.

founded 2 years ago

MODERATORS

krogoth@infosec.pub

Linux Kernel Runtime Guard hits 1.0.0 with major updates and broader support (www.helpnetsecurity.com)

submitted 1 week ago by lemmydev2@infosec.pub to c/pulse_of_truth@infosec.pub

2 comments fedilink hide all child comments

The Linux Kernel Runtime Guard (LKRG) is a kernel module that checks the Linux kernel while it’s running. It looks for signs of tampering and tries to catch attempts to exploit security flaws in the kernel. Because it’s a module and not a patch, LKRG can run on many different kernels without any changes to them. It works with versions going back to RHEL7 and its variants, as well as the latest mainline and distribution … More → The post Linux Kernel Runtime Guard hits 1.0.0 with major updates and broader support appeared first on Help Net Security.

top 2 comments

sorted by: hot top controversial new old

[–] Hirom@beehaw.org 1 points 1 week ago (1 children)

What happens when it detects tempering? Does it cause one syscall to fail, or a kernel panic?

[–] krogoth@infosec.pub 3 points 1 week ago* (last edited 1 week ago)

See slides #8 and #10 on this presentation: https://download.openwall.net/pub/projects/lkrg/presentations/OSTconf2020-LKRG-In-A-Nutshell.pdf -> Kernel Panic (milder response would be ineffective) and killing the task.