1 / 29

The Linux Kernel

the linux kernel and its various features. The Linux Kernel. The kernel. kernels. kernels are typically classified in one of two categories: monolithic all inclusive large faster modular small core additional modules activated dynamically slower. why configure the kernel.

savannah-gomez
Download Presentation

The Linux Kernel

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. the linux kernel and its various features The Linux Kernel

  2. The kernel

  3. kernels • kernels are typically classified in one of two categories: • monolithic • all inclusive • large • faster • modular • small core • additional modules activated dynamically • slower

  4. why configure the kernel • Enhance system performance • Increase security • Increase flexibility • Increase reliability • Add support for new type of devices • Remove overhead

  5. four basic methods to customize • Modify tunable kernel configuration parameters • Building from scratch (source code) • Loading new drivers and modules into an existing kernel on the fly • Providing operational directives and modules into an existing kernel on the fly

  6. tuning kernel parameters • Kernel - one size doesn’t fit all • Special hook parameters allow kernel adjustments • Special files in /proc/sys let you view and set kernel options at run time • sysctl command is permanent way to modify parameters. /etc/sysctl.conf read at boot time and set custom parameters values

  7. sysctl examples • sysctl net.ipv4.ip_forward=0 • turns off ipforwarding • autoeject • file-max default 4096 • ctrl-alt-del • icmp_echo_ignore_all

  8. adding device driver • A device driver is a program that manages the system’s interaction with a piece of hardware. The driver layer keeps Linux device independent • One of three forms • A patch against kernel version • A loadable module • Installation script or package to install patch • #cd path_to_kernal_src • #patch –p1 < patch_file

  9. loadable kernel modules LKM • linux commands: • lsmod list active modules • insmod <module> insert/load module • rmmod <module> remove/delete module • modprobe newer replaces above –l –i -r • depmod -a update module dependencies

  10. linux kernel • linux kernel is often named “vmlinuz” • linux kernel is usually found • either in directory /boot • or in directory / • modules found in directory /lib/modules

  11. linux kernel • compiling the linux 2.6 kernel • greatly simplified from previous kernel versions • does require considerable knowledge regarding system hardware and its configuration • certainly a “leap of faith”, especially the first time

  12. building a kernel - outline • Download kernel source • Uncompress to kernel source /usr/src • Config options via make menuconfig, make xconfig, make gconfig • Compile steps: run make clean • Run make • Run make modules_install • Copy install files to /boot/vmlinuz • Edit boot loader /etc/lilo or boot/grub/grub.config add config line for new kernel

  13. linux kernel • obtaining the source code • linux kernel archive • www.kernel.org • source code is transferred to • directory /usr/src/linux-2.6.x.x • /usr/src/linux is symbolic link to the most current kernel source tree

  14. compiling the linux kernel • must be root user • must be in directory /usr/src/linux • first step: configuration • make config • make menuconfig • make xconfig • make gconfig • generates a configuration file .config • recommend saving a second copy • e.g., second_config

  15. compiling the linux kernel • second step: compilation • make • make modules_install • both of these steps can be quite time consuming! • third step: installation • cp System.map /boot/System.map-2.6.x • cp .config /boot/config-2.6.x • cp arch/i386/boot/bzImage /boot/kernel-2.6.x • final step: boot loader update • edit either /etc/lilo.conf or /boot/grub/grub.conf

  16. loadable kernel modules • not part of original linux design • part of a natural evolution in the operating system • device drivers have always been modular in nature • loadable kernel modules (LKMs) • save memory • faster to debug and maintain • slower, only if necessary to reload into memory

  17. loadable kernel modules • Without loadable kernel modules, an operating system would have to have all possible anticipated functionality already compiled directly into the base kernel. Much of that functionality would reside in memory without being used, wasting memory, and would require that users rebuild and reboot the base kernel every time new functionality is desired. Most operating systems supporting loadable kernel modules will include modules to support most desired functionality.

  18. There are six main things LKMs are used for: • Device drivers. • Filesystem drivers. • System calls. • Network drivers. • TTY line disciplines • Executable interpreters. • For more info: http://tldp.org/HOWTO/Module-HOWTO/x197.html

  19. loadable kernel modules • LKMs are typically used to add support for new hardware and/or filesystems, or for adding system calls. • When the functionality provided by an LKM is no longer required, it can be unloaded in order to free memory

  20. loadable kernel modules • module operation • may be totally transparent to the user • may display its presence as a virtual file in the directory /proc

  21. loadable kernel modules • LKMs provide a great deal of power to system programmers • quick prototyping • quick patches for bugs • but LKMs also provide a foothold for crackers • can trojan important modules • many rootkits make use of LKMs

  22. attacking LKMs • LKMs can be trojaned • less popular than more traditional attacks on external commands • requires compilation on the host (requires root) • compile • rmmod <module> • insmod <trojan_module> • cracker software: • knark • adore • rkit

  23. attacking LKMs • countermeasures: • kernel 2.6 now includes the configuration option to disable the ability to unload a module! • monitor files in /lib/modules • make these files immutable

  24. attacking the linux kernel • significantly more complicated than attacking LKMs • but also significantly more devastating • must modify the kernel source tree • must reconfigure and recompile a kernel • must reboot the system • this is usually quite noticeable!!!

  25. strengthening the kernel • Openwall Project Linux Security Patch • Security enhanced os & utilities • www.openwall.com • LIDS: Linux Intrusion Detection System • additional security features added to kernel • www.lids.org

  26. hardening the kernel • grsecurity –kernel security patches • SE-Linux security enhanced Linux • LCAP Linux Kernel Capability Remover • systrace - enforces system call policies for applications • lsm Linux security modules

More Related