Openwall has published the release of the kernel module LKRG 0.9.4 (Linux Kernel Runtime Guard), designed to detect and block violations of the integrity of kernel structures. For example, the module can protect against unauthorized changes to the running kernel and against attempts to change the privileges of user processes (detecting the use of exploits). The module is suitable both for protecting against exploits of already known Linux kernel vulnerabilities (for example, in situations where updating the kernel on the system is problematic) and for countering exploits of as yet unknown vulnerabilities. The project code is distributed under the GPLv2 license. You can read about the features of the LKRG implementation in the first announcement of the project.
Among the changes in the new version:
- Added support for the OpenRC init system.
- Ensured compatibility with Linux LTS 5.15.40+.
- The format of the messages written to the log has been reworked to simplify automated analysis and make them easier to read during manual analysis.
- LKRG messages now use their own log categories, which makes it easier to separate them from the rest of the kernel messages.
- The kernel module has been renamed from p_lkrg to lkrg.
- Added installation instructions using DKMS.