LKRG 0.9.2 yakatoburitswa uye idzi ndidzo nhau dzayo

Iyo purojekiti Openwall nguva pfupi yadarika yakaburitsa kuvhurwa kwe iyo itsva vhezheni yekernel module "LKRG 0.9.2" (Linux Kernel Runtime Guard) iyo yakagadzirirwa kuona nekuvhara kurwiswa uye kutyorwa kwekuvimbika kwezvimiro zvekernel.

LKRG parizvino inotsigira x86-64, x86 32-bit, AArch64 (ARM64), uye ARM 32-bit.
CPU zvivakwa.

Pamusoro peLKRG

Sezvakataurwa iyo LKRG module suye ine basa rekuita cheki chekuvimbika muLinux kernel runtime uye kuona kusadzivirirwa kwekuchengetedza. inoputika ichipikisa kernel. Semuenzaniso, iyo module inogona kudzivirira kubva kune isingatenderwe shanduko kune inomhanya kernel uye kuyedza kushandura mvumo yevashandisi maitiro (nekuona mashandisiro ekushandisa).

Iyo module inokodzera zvese kuronga dziviriro kubva kune zvakapambwa zvekusagadzikana kwagara kuchizivikanwa muLinux kernel (semuenzaniso, mumamiriro ezvinhu apo zvakaoma kugadzirisa kernel pane sisitimu) uye yekuverengera zviitiko zvekusazivikanwa kusazivikanwa.

Zvinofanira kunzwisiswa kuti LKRG iri kernel module (kwete kernel patch), saka inogona kuunganidzwa uye kurodha pane yakakura uye yekugovera kernels, pasina chikonzero chekuti chero ipi zvayo igadzirwe.

Parizvino, iyo module inotsigirwa kernel shanduro kubva kuRHEL7 (uye akawanda clones / kudzokorora) uye Ubuntu 16.04 kune ichangoburwa mainline uye yakakosha kugovera.

Hunhu hutsva hutsva hweLKRG 0.9.2

Mune iyi vhezheni itsva inoratidzwa, vagadziri vanotaura kuti lKuenderana kunovimbiswa neLinux kernels 5.14 kusvika 5.16-rc, pamwe chete neLTS kernels 5.4.118+, 4.19.191+ uye 4.14.233+.

Panguva yekuburitswa kwedu kwekare, LKRG 0.9.1, Linux 5.12.x yaive last core. Takaita rombo rakanaka kuti yakashandawo sezviri paLinux 5.13.x uye zvichienda 5.10.x zvitsva zvenguva refu zvakatevedzana cores. Nekudaro, kubva pa5.14, se pamwe chete ne3 yekare-yenguva refu kernel yakatevedzana yakanyorwa mune changelog
Pakutanga, taifanira kuita shanduko kutsigira iwo matsva kernel vhezheni.

Nezve shanduko dzakamira pachena mushanduro itsva, zvinoratidzwa izvozvo yakawedzera rutsigiro kune akasiyana CONFIG_SECCMP marongero, pamwe nerutsigiro rwe kernel parameter "nolkrg" kudzima LKRG panguva yebhutsu.

Kune chikamu chekugadzirisa bug, inotaurwa izvozvo yakagadziriswa yenhema nekuda kwechimiro chemujaho panguva yeSECOMP_FILTER_FLAG_TSYNC kugadzirisa, Pamusoro peiyo rutsigiro rweCONFIG_HAVE_STATIC_CALL kumisikidzwa muLinux kernels 5.10+ yakagadziridzwawo (yakagadziriswa mamiriro emujaho pakurodha mamwe mamodule).

Mukuwedzera, zvinovimbiswa kuti mazita emamodules akavharidzirwa paanenge achishandisa lkrg.block_modules = 1 setting inochengetwa mu registry.

Yeimwe shanduko izvo zvinoratidzika kubva pane iyi nyowani vhezheni:

  • Yakaiswa kuiswa kwe sysctl-settings mu /etc/sysctl.d/01-lkrg.conf faira
  • Yakawedzerwa dkms.conf configuration file yeDKMS (Dynamic Kernel Module Support) system, iyo inoshandiswa kugadzira ma modules echitatu mushure mekugadzirisa kernel.
  • Yakavandudzwa uye yakagadziridzwa rutsigiro rwekugadzirisa debug kuvaka uye inoenderera mberi yekubatanidza masisitimu.

Finalmente kana iwe uchifarira kuziva zvakawanda Nezve purojekiti, iwe unofanirwa kuziva kuti kodhi yeprojekiti yakagoverwa pasi peGPLv2 rezinesi.

Kune avo vanofarira kukwanisa kuisa module iyi, zvakakosha kutaura kuti se inoda kernel kuvaka dhairekitori inoenderana neLinux kernel mufananidzo umo module ichamhanya. Semuenzaniso, paDebian neUbuntu, unogona kubata inodiwa kuvaka zvivakwa nekungoisa iyo linux-misoro:

sudo apt-get install linux-headers-$(uname -r )

Panyaya yekugovera, senge RHEL, Fedora kana kugovera zvichibva pane izvi, (uye kunyangwe CentOS), pasuru yekuisa ndeiyi inotevera:

sudo yum install kernel-devel

Kuti udzidze zvakawanda nezvazvo pamwe nemirayiridzo yekubatanidza inogona kubvunza ruzivo Mune inotevera chinongedzo.


Izvo zviri muchinyorwa zvinoomerera pamisimboti yedu ye tsika dzekunyora. Kuti utaure chikanganiso tinya pano.

Iva wekutanga kutaura

Siya yako yekutaura

Your kero e havazobvumirwi ichibudiswa.

*

*

  1. Inotarisira data: AB Internet Networks 2008 SL
  2. Chinangwa cheiyo data: Kudzora SPAM, manejimendi manejimendi.
  3. Legitimation: Kubvuma kwako
  4. Kutaurirana kwedata
  5. Dhata yekuchengetedza: Dhatabhesi inobatwa neOccentus Networks (EU)
  6. Kodzero: Panguva ipi neipi iwe unogona kudzora, kupora uye kudzima ruzivo rwako