Kernel rootkits and countermeasures
The Spy Within
Rootkits allow attackers to take complete control of a computer. We describe the tricks intruders use to gain access to the Linux kernel and provide guidelines on hardening the kernel against such attacks.
In response to a question asked in parliament, the German Federal Government responded in May 2012 that it was able to decrypt PGP messages or SSH connections, at least partially. Experts were exasperated when they heard this. No one seriously believed that PGP encryption had been cracked. More likely, data is sniffed before encryption or after decryption, or the secret service possesses the private key and, possibly, the associated password. Germany’s “Federal Trojan” can infiltrate the kernel as a rootkit for this purpose.
Classically, the term “rootkit” refers to a piece of software that gives an attacker camouflaged access to, and thus control over, a machine. Userland rootkits tend to modify applications to do this. In comparison, the much more powerful kernel rootkits change kernel data structures and code – for example, through system call hijacking.
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
US / Canada
UK / Australia
Direct Download
Read full article as PDF:
Price $2.95
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Find SysAdmin Jobs
News
-
4MLinux 41.0 is Now Stable and Ready for Use
The developers behind 4MLinux have changed the status of 41.0 to STABLE, which means it's ready for prime time.
-
Xfce 4.18 is Coming Soon and Offers Subtle Improvements
The Xfce team has announced the release date of the next iteration of the desktop, which includes a good number of features to polish the fan-favorite Linux UI.
-
Orange Pi Board Has Arch-Based Linux Distribution in the Works
The developers of the Orange Pi board are planning to release an Arch-based Linux distribution available for its hardware as an alternative to Orange Pi OS.
-
Alpine Linux 3.17 Now Available to the General Public
The developers of Alpine Linux have officially announced the release of the latest version of the security-focused Linux distribution.
-
The New StarFighter Linux Laptop Now Available for Preorder
A new, completely customizable Linux laptop is now available to preorder from Star Labs.
-
Critical Escalation Vulnerability Found in the Linux Kernel
A new local privilege escalation vulnerability has been discovered in the Linux kernel and users are encouraged to upgrade/patch immediately.
-
AlmaLinux 8.7 Now Available
The developers of AlmaLinux have released the latest version of the OS, named Stone Smilodon, to the general public.
-
New Arch-Based Linux Distribution Aims to be Beginner-Friendly
CachyOS has been created to serve as a Linux distribution for everyone, even while being based on the more complex Arch Linux.
-
elementary OS 7 Getting Closer to Release
The team behind elementary OS has announced they are now focused on putting the finishing touches on the next major release of the Linux distribution.
-
Nitrux 2.5 Released with Kernel 6.0 and KDE Plasma 5.26
Nitrux 2.5 has been officially released and is the first systemd-free distribution to include both kernel 6.0 and KDE Plasma 5.26.