Kernel rootkits and countermeasures
The Spy Within
Rootkits allow attackers to take complete control of a computer. We describe the tricks intruders use to gain access to the Linux kernel and provide guidelines on hardening the kernel against such attacks.
In response to a question asked in parliament, the German Federal Government responded in May 2012 that it was able to decrypt PGP messages or SSH connections, at least partially. Experts were exasperated when they heard this. No one seriously believed that PGP encryption had been cracked. More likely, data is sniffed before encryption or after decryption, or the secret service possesses the private key and, possibly, the associated password. Germany’s “Federal Trojan” can infiltrate the kernel as a rootkit for this purpose.
Classically, the term “rootkit” refers to a piece of software that gives an attacker camouflaged access to, and thus control over, a machine. Userland rootkits tend to modify applications to do this. In comparison, the much more powerful kernel rootkits change kernel data structures and code – for example, through system call hijacking.
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
US / Canada
UK / Australia
Direct Download
Read full article as PDF:
Price $2.95
News
-
Solus 4.3 Available for Download and Installation
The latest iteration from the Solus developers is out with kernel 5.13 and plenty of new features, bug fixes, and new hardware support.
-
Steam Deck Linux-Powered Gaming System Set to Take Over the Handheld World
A Linux and KDE-powered portable gaming platform is set to be released by Valve.
-
Linux Mint 20.2 Now Available and Better Than Ever
The developers of Linux Mint have gone a long way to perfecting the desktop experience.
-
Linux Foundation Forming the Open 3D Foundation
The Linux Foundation has announced they will be forming the Open 3D Foundation to accelerate developer collaboration on 3D games and simulations.
-
Nitrux 1.5 Ships with Kernel 5.13
Debian-based Nitrux Linux is the first distribution to ship with kernel 5.13
-
Slimbook Goes All in with a Linux Laptop that Focuses on the Display and the Power
Slimbook is now offering a Linux laptop geared for professionals, with the launch of a new lightweight ultrabook with plenty of power to spare.
-
KDE Plasma 5.22 Released with Better Stability and Usability Across the Board
The KDE Plasma desktop development has kicked into high gear and the latest release reflects newfound popularity and drive behind the open-source environment.
-
Nvidia and Valve Collaborate to Bring DLSS to Linux
Both powerhouses in the gaming industry are trying to make the experience on Linux much improved, by way of DLSS.
-
Kali Linux 2021.2 Official Release Now Available
The latest iteration of security fan-favorite Kali Linux has been released with new tools, themes, and plenty of improvements.
-
Entroware Unleashes a Beast of a Linux Laptop
If you're looking for a portable workhorse, look no further than the Entroware Proteus laptop.