about the kernel
Hi,
I have some questions about kernel security. 1) How can I check the integrity of the kernel? 2) How can I know if it's trusted? 3) How can I detect malicious kernel modules? 4) How can I see the kernel modules that are loaded? Thank you.
1) But if the kernel is installed and relinked, the sha256 digest is not the original one. I mean the original fileset kernel is different from the installed one, isn't it?
2) How can I use signify to check the installed kernel? Or do I have to sign the kernel manually with signify beforehand?
Let me know if I have understood.
I install OpenBSD and I use signify to check that the kernel from the ISO is trusted. Then during the installation a new kernel is created with its digest. Then at every boot the kernel creates a sha256 digest for the next boot, and every boot checks the digest created before. If something has been altered I see it in the console during boot. The digest of the running kernel is in /var/db/kernel.SHA256; where is the digest for the next boot? Another question: can an attacker create a new relinked kernel with its own digest?
I'm not a kernel developer but:
Yeah, of course the attacker has root; a kernel rootkit is generally used to have total control of the victim machine after a break-in.
Many more problems? I don't think there is anything more important than kernel integrity. A userland rootkit is very easy to detect, a kernel rootkit less so. Especially if it is inside the kernel and the kernel changes its hash every time I boot.
This forum is not associated with the OpenBSD Project, and is primarily a community of users. I'm just another user.
I think there is some trade-off between protecting the kernel via anti-exploit mitigations vs. checking the integrity of the file containing the kernel executable for signs of infection, e.g. by booting from external media such as a DVD disc and inspecting the files.
__________________
Signature: Furthermore, I consider that systemd must be destroyed. Based on Latin oratorical phrase
Indirectly, only. They are installed via unpacking /usr/share/relink/kernel.tgz, which is included in the signed baseXX.tgz fileset. Binary updates through syspatch(8) maintain this integrity chain through signify(1). Any kernel patches applied by building from source code -- for example, applying a -stable patch which does not qualify for errata publication -- can't be signed by the Project so any integrity controls must be applied by local administration.
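As a worked example of the two links in that chain (the signed fileset, and the per-boot digest of the relinked kernel discussed earlier in the thread), here is a small script. It is added here and is neither part of the thread nor OpenBSD Project code. On a running OpenBSD system the native checks are `signify -C -p /etc/signify/openbsd-XX-base.pub -x SHA256.sig baseXX.tgz` for the fileset (substitute the release number) and `sha256 -C /var/db/kernel.SHA256 /bsd` for the relinked kernel; reorder_kernel(8) writes that file with `sha256 -h`, so its content is a line of the form `SHA256 (/bsd) = <hex>`. The script only reimplements the second comparison, so that the same check can be run from rescue media or from another host that has sha256sum(1) instead of sha256(1). The function names and the sample file and digest line in the comments are constructed for this example.

```shell
#!/bin/sh
# Added example: verify a file against an OpenBSD cksum-style digest record,
# e.g. the /var/db/kernel.SHA256 that reorder_kernel(8) writes for /bsd:
#   SHA256 (/bsd) = ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad
# (that digest is the well-known SHA-256 of the bytes "abc", used here only
# as a constructed sample). Works with either sha256(1) or sha256sum(1).

# sha256_of FILE: print the hex SHA-256 of FILE using whichever tool exists.
sha256_of() {
    if command -v sha256 >/dev/null 2>&1; then
        sha256 -q "$1"                      # OpenBSD/FreeBSD: -q prints only the hex
    elif command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1      # GNU coreutils
    else
        echo "no sha256 tool found" >&2
        return 2
    fi
}

# verify_bsd_digest DIGESTFILE FILE
# Looks up the "SHA256 (<name>) = <hex>" record whose <name> has the same
# basename as FILE (so "/bsd" recorded on the host matches "/mnt/bsd" seen
# from rescue media), recomputes the digest and compares.
# Returns 0 on match, 1 on mismatch or missing record, 2 if no tool exists.
verify_bsd_digest() {
    digest_file=$1
    target=$2
    want=$(awk -v b="$(basename "$target")" '
        $1 == "SHA256" {
            n = $2
            sub(/^\(/, "", n); sub(/\)$/, "", n); sub(/.*\//, "", n)
            if (n == b) { print $NF; exit }
        }' "$digest_file")
    if [ -z "$want" ]; then
        echo "$target: no SHA256 record in $digest_file" >&2
        return 1
    fi
    have=$(sha256_of "$target") || return 2
    if [ "$have" = "$want" ]; then
        echo "$target: OK"
        return 0
    fi
    echo "$target: MISMATCH (recorded $want, actual $have)" >&2
    return 1
}

# Usage: sh check_kernel_digest.sh /var/db/kernel.SHA256 /bsd
if [ "$#" -eq 2 ]; then
    verify_bsd_digest "$1" "$2"
fi
```

Keep the caveat from the discussion above in mind: reorder_kernel(8) regenerates the record after every relink, so an attacker who already has root can relink a modified kernel and rewrite /var/db/kernel.SHA256 to match. The comparison is only meaningful against a digest you saved elsewhere (or the signed fileset contents) and run from media you trust, which is why the script avoids depending on the host's own sha256(1).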