The linux kernel and its various features

The Linux Kernel


The kernel


kernels

  • kernels are typically classified in one of two categories:

    • monolithic

      • all inclusive

      • large

      • faster

    • modular

      • small core

      • additional modules activated dynamically

      • slower


why configure the kernel

  • Enhance system performance

  • Increase security

  • Increase flexibility

  • Increase reliability

  • Add support for new type of devices

  • Remove overhead


four basic methods to customize

  • Modify tunable kernel configuration parameters

  • Building from scratch (source code)

  • Loading new drivers and modules into an existing kernel on the fly

  • Providing operational directives and modules into an existing kernel on the fly


tuning kernel parameters

  • Kernel - one size doesn’t fit all

  • Special hook parameters allow kernel adjustments

  • Special files in /proc/sys let you view and set kernel options at run time

  • The sysctl command is the permanent way to modify parameters: /etc/sysctl.conf is read at boot time and sets custom parameter values


sysctl examples

  • sysctl net.ipv4.ip_forward=0

    • turns off IP forwarding

  • autoeject

  • file-max default 4096

  • ctrl-alt-del

  • icmp_echo_ignore_all
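
The mapping between sysctl keys and the files under /proc/sys can be used to check that a running kernel still matches its intended settings. The script below is an added example, not part of the original presentation; the baseline values and the PROC_SYS_ROOT override are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: compare run-time kernel parameters with a baseline.
# PROC_SYS_ROOT can be overridden to point at a constructed tree for testing.
PROC_SYS_ROOT="${PROC_SYS_ROOT:-/proc/sys}"

# Map a sysctl key (net.ipv4.ip_forward) to its file under /proc/sys.
sysctl_path() {
    printf '%s/%s\n' "$PROC_SYS_ROOT" "$(printf '%s' "$1" | tr '.' '/')"
}

# Constructed baseline in /etc/sysctl.conf syntax; values are assumptions.
example_baseline() {
    cat <<'EOF'
# forwarding off, Ctrl-Alt-Del handed to init
net.ipv4.ip_forward = 0
kernel.ctrl-alt-del = 0
EOF
}

# Read a baseline on stdin; print MISSING/DRIFT lines for keys that do not
# match the running kernel. Returns 0 if all keys match, 1 otherwise.
sysctl_audit() {
    rc=0
    while IFS='=' read -r key want; do
        key=$(printf '%s' "$key" | tr -d ' \t')
        case "$key" in ''|'#'*|';'*) continue ;; esac
        want=$(printf '%s' "$want" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        file=$(sysctl_path "$key")
        if [ ! -r "$file" ]; then
            echo "MISSING $key"; rc=1; continue
        fi
        # Multi-value entries are tab separated in /proc/sys; normalise them.
        have=$(tr -s '[:space:]' ' ' < "$file" | sed 's/ *$//')
        if [ "$have" != "$want" ]; then
            echo "DRIFT $key: have=$have want=$want"; rc=1
        fi
    done
    return "$rc"
}

# Usage: sh sysctl_audit.sh /etc/sysctl.conf   (audits the live system)
if [ -n "${1:-}" ]; then sysctl_audit < "$1"; fi
```

A DRIFT line means the value was changed at run time after /etc/sysctl.conf was applied, which is worth investigating on a host where nobody should be writing to /proc/sys.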


adding device driver

  • A device driver is a program that manages the system’s interaction with a piece of hardware. The driver layer keeps Linux device independent

  • One of three forms

    • A patch against kernel version

    • A loadable module

    • Installation script or package to install patch

    • # cd path_to_kernel_src

    • # patch -p1 < patch_file


loadable kernel modules LKM

  • linux commands:

    • lsmod: list active modules

    • insmod <module>: insert/load module

    • rmmod <module>: remove/delete module

    • modprobe: newer, replaces above (-l, -i, -r)

    • depmod -a: update module dependencies


linux kernel

  • linux kernel is often named “vmlinuz”

  • linux kernel is usually found

    • either in directory /boot

    • or in directory /

  • modules found in directory /lib/modules


linux kernel

  • compiling the linux 2.6 kernel

    • greatly simplified from previous kernel versions

    • does require considerable knowledge regarding system hardware and its configuration

    • certainly a “leap of faith”, especially the first time


building a kernel - outline

  • Download kernel source

  • Uncompress the kernel source to /usr/src

  • Config options via make menuconfig, make xconfig, make gconfig

  • Compile steps: run make clean

  • Run make

  • Run make modules_install

  • Copy install files to /boot/vmlinuz

  • Edit the boot loader configuration (/etc/lilo.conf or /boot/grub/grub.conf) and add a config line for the new kernel


linux kernel

  • obtaining the source code

    • linux kernel archive

    • www.kernel.org

  • source code is transferred to

    • directory /usr/src/linux-2.6.x.x

    • /usr/src/linux is symbolic link to the most current kernel source tree


compiling the linux kernel

  • must be root user

  • must be in directory /usr/src/linux

  • first step: configuration

    • make config

    • make menuconfig

    • make xconfig

    • make gconfig

      • generates a configuration file .config

      • recommend saving a second copy

        • e.g., second_config


compiling the linux kernel

  • second step: compilation

    • make

    • make modules_install

      • both of these steps can be quite time consuming!

  • third step: installation

    • cp System.map /boot/System.map-2.6.x

    • cp .config /boot/config-2.6.x

    • cp arch/i386/boot/bzImage /boot/kernel-2.6.x

  • final step: boot loader update

    • edit either /etc/lilo.conf or /boot/grub/grub.conf


loadable kernel modules

  • not part of original linux design

  • part of a natural evolution in the operating system

    • device drivers have always been modular in nature

  • loadable kernel modules (LKMs)

    • save memory

    • faster to debug and maintain

    • slower, only if necessary to reload into memory


loadable kernel modules

  • Without loadable kernel modules, an operating system would have to have all possible anticipated functionality already compiled directly into the base kernel. Much of that functionality would reside in memory without being used, wasting memory, and would require that users rebuild and reboot the base kernel every time new functionality is desired. Most operating systems supporting loadable kernel modules will include modules to support most desired functionality.


There are six main things LKMs are used for:

  • Device drivers.

  • Filesystem drivers.

  • System calls.

  • Network drivers.

  • TTY line disciplines

  • Executable interpreters.

  • For more info: http://tldp.org/HOWTO/Module-HOWTO/x197.html


loadable kernel modules

  • LKMs are typically used to add support for new hardware and/or filesystems, or for adding system calls.

  • When the functionality provided by an LKM is no longer required, it can be unloaded in order to free memory


loadable kernel modules

  • module operation

    • may be totally transparent to the user

    • may display its presence as a virtual file in the directory /proc


loadable kernel modules

  • LKMs provide a great deal of power to system programmers

    • quick prototyping

    • quick patches for bugs

  • but LKMs also provide a foothold for crackers

    • can trojan important modules

    • many rootkits make use of LKMs


attacking LKMs

  • LKMs can be trojaned

    • less popular than more traditional attacks on external commands

    • requires compilation on the host (requires root)

      • compile

      • rmmod <module>

      • insmod <trojan_module>

    • cracker software:

      • knark

      • adore

      • rkit


attacking LKMs

  • countermeasures:

    • kernel 2.6 now includes the configuration option to disable the ability to unload a module!

    • monitor files in /lib/modules

    • make these files immutable
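
One way to monitor the files in /lib/modules is to keep a checksum snapshot and compare it against the current tree. The script below is an added example, not part of the original presentation; the function names and the snapshot file format are assumptions, and the snapshot itself should be stored somewhere the monitored host cannot rewrite.

```shell
#!/bin/sh
# Added example: detect added, removed or altered files under /lib/modules.

# Print "sha256  ./relative/path" for every regular file below DIR.
modules_snapshot() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | sort -k2 )
}

# Compare a saved snapshot file with the current state of DIR.
# Prints ADDED/CHANGED/REMOVED lines; returns 0 if identical, 1 otherwise.
# Assumes paths contain no whitespace, as is the case for kernel modules.
modules_verify() {
    baseline=$1
    dir=$2
    now=$(mktemp) || return 2
    modules_snapshot "$dir" > "$now"
    report=$(awk '
        FILENAME == ARGV[1] { old[$2] = $1; next }   # saved snapshot
        { seen[$2] = 1                               # current tree
          if (!($2 in old))       print "ADDED "   $2
          else if (old[$2] != $1) print "CHANGED " $2 }
        END { for (p in old) if (!(p in seen)) print "REMOVED " p }
    ' "$baseline" "$now" | sort)
    rm -f "$now"
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Usage:
#   sh modcheck.sh snapshot [DIR] > modules.sha256
#   sh modcheck.sh verify modules.sha256 [DIR]
case "${1:-}" in
    snapshot) modules_snapshot "${2:-/lib/modules}" ;;
    verify)   modules_verify "$2" "${3:-/lib/modules}" ;;
esac
```

Setting the immutable attribute with `chattr +i` on the module files after the snapshot is taken covers the last countermeasure on the slide: the flag has to be cleared before a file can be replaced, and a later verify run still reports the replacement.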


attacking the linux kernel

  • significantly more complicated than attacking LKMs

  • but also significantly more devastating

    • must modify the kernel source tree

    • must reconfigure and recompile a kernel

    • must reboot the system

      • this is usually quite noticeable!!!


strengthening the kernel

  • Openwall Project Linux Security Patch

    • Security enhanced OS & utilities

    • www.openwall.com

  • LIDS: Linux Intrusion Detection System

    • additional security features added to kernel

    • www.lids.org


hardening the kernel

  • grsecurity - kernel security patches

  • SE-Linux - security enhanced Linux

  • LCAP - Linux Kernel Capability Remover

  • systrace - enforces system call policies for applications

  • lsm - Linux security modules

