Kernel rootkits and countermeasures
The Spy Within
Rootkits allow attackers to take complete control of a computer. We describe the tricks intruders use to gain access to the Linux kernel and provide guidelines on hardening the kernel against such attacks.
In response to a question asked in parliament, the German Federal Government responded in May 2012 that it was able to decrypt PGP messages or SSH connections, at least partially. Experts were exasperated when they heard this. No one seriously believed that PGP encryption had been cracked. More likely, data is sniffed before encryption or after decryption, or the secret service possesses the private key and, possibly, the associated password. Germany’s “Federal Trojan” can infiltrate the kernel as a rootkit for this purpose.
Classically, the term “rootkit” refers to a piece of software that gives an attacker camouflaged access to, and thus control over, a machine. Userland rootkits tend to modify applications to do this. In comparison, the much more powerful kernel rootkits change kernel data structures and code – for example, through system call hijacking.
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
US / Canada
UK / Australia
Direct Download
Read full article as PDF:
Price $2.95
News
-
EndeavorOS 21.4 Has Arrived
Arch-based EndeavorOS 21.4 is finally available for download with plenty of new features and improvements.
-
NixOS 21.11 Now Available for Download
NixOS “Porcupine” has been made available for installation and includes numerous improvements.
-
KDE Plasma Developers Introduce a GNOME-Like Overview
A new overview effect makes it easier for users to interact with both Plasma Activities and Virtual Desktops.
-
Rocky Linux 8.5 Now Available with Secure Boot Support
The latest iteration of CentOS alternative, Rocky Linux has arrived and includes numerous updates as well as support for Secure Boot.
-
System76 Developing a New Desktop Environment
The makers of Pop!_OS are currently in the early stages of creating a brand new, non-GNOME, desktop environment.
-
Hetzner Opens New Location in the USA
The Hetzner cost-effective Cloud solution has arrived in the United States to offer cloud servers that offer solid performance without a high price.
-
KDE Plasma 5.24 Introduces Fingerprint Reader Support
The next release of the KDE Plasma desktop environment will include support for fingerprint readers for session authentication and more.
-
Ubuntu 21.10 Released and Finally Includes Gnome 40
The most anticipated update to Ubuntu is finally here and the workflow couldn't be better.
-
Linux Can Now Run on Apple’s M1 Chipset
Linux users looking to take advantage of Apple Silicon are about to get their wish with the M1 chipset.
-
MX Linux 21 RC Candidate Available For Testing
The MX Linux development team has released the RC images for MX Linux 21 for testing purposes.