
Linux Kernel Security Suite

29 Aug 2015 . category: tech
#linux #kernel #opensource

Rootkits. A word that gives whitehats goosebumps and makes sysadmins cry in the shower. In a nutshell, a kernel rootkit is code that runs inside the kernel of the OS, which practically means it is God and your machine is its pet. Of course, in order to load a rootkit into the kernel you need root permissions, but social engineering and 0-days make that two or three pieces of cake.

Let’s see what a typical rootkit will do:

  1. Hide files
  2. Hide processes
  3. Install malicious software (and nobody will notice because of 1 and 2 :smile:)
  4. Steal certificates and passwords
  5. Log all the activity of your machine

All of the above are realized by hooking entries in the system call table. Scary stuff, right? In Mr. Robot, rootkits are described as

A crazy serial rapist with a very big dick.

There are ways to protect yourself from them, but of course it’s a cat and mouse game that never ends.

A few years ago my job was to protect Linux servers from rootkits; later I kept digging deeper as a hobby, and it’s about time to open source this work.

The suite includes the following (whitehat) rootkits:

The Drip Dry Carbonite

Protects the system call table. If an attempt to modify it is detected, snapshots of the processes running on the system are logged remotely and the machine is frozen (that’s why it’s called Carbonite).
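To make the Carbonite idea concrete, here is a small userspace model of a system call table integrity monitor. It is an added example, not code from the suite: the table, the stand-in handlers and the baseline all live inside one process, and the hash-then-diff check is the kind of routine a kernel-side monitor would run on a timer before logging and freezing.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed userspace model of a syscall table integrity monitor (not code
 * from the suite): the table is an array of function pointers in this process. */
#define NR_SYSCALLS 4
typedef long (*syscall_fn)(long);

/* Stand-in handlers; real entries point at the kernel's sys_* functions. */
static long sys_read_stub(long n)  { return n; }
static long sys_write_stub(long n) { return n * 2; }
static long sys_open_stub(long n)  { return n + 1; }
static long sys_close_stub(long n) { (void)n; return 0; }

/* The live table, the thing a rootkit overwrites. */
syscall_fn sys_call_table[NR_SYSCALLS] = {
    sys_read_stub, sys_write_stub, sys_open_stub, sys_close_stub };

static syscall_fn baseline[NR_SYSCALLS];   /* trusted load-time snapshot */
static uint64_t baseline_hash;

/* FNV-1a over the raw pointer bytes: cheap enough to run on every tick. */
static uint64_t table_hash(const syscall_fn *t) {
    uint64_t h = 0xcbf29ce484222325ULL;
    const unsigned char *p = (const unsigned char *)t;
    for (size_t i = 0; i < sizeof(syscall_fn) * NR_SYSCALLS; i++)
        h = (h ^ p[i]) * 0x100000001b3ULL;
    return h;
}

/* Take the snapshot while the table is still trusted (at load time). */
void monitor_init(void) {
    memcpy(baseline, sys_call_table, sizeof baseline);
    baseline_hash = table_hash(baseline);
}

/* Returns how many entries differ from the snapshot and writes their indices
 * to `altered`; 0 means the table is intact. Hash first, diff only on mismatch. */
int monitor_check(int altered[NR_SYSCALLS]) {
    if (table_hash(sys_call_table) == baseline_hash) return 0;
    int n = 0;
    for (int i = 0; i < NR_SYSCALLS; i++)
        if (sys_call_table[i] != baseline[i]) altered[n++] = i;
    return n;
}
```

A non-zero return from monitor_check is the point where Carbonite would dump the process list to a remote log and freeze the box; the indices tell you which handlers were swapped.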

Dresden

Blocks all attempts to insert rootkits into the kernel, dumps their instruction memory and logs a critical message.

Netlog

Logs all network communication by probing the kernel’s inet stack.

In the future I will post about some interesting snippets of the source code. The repo lives here; don’t forget to star it.


Me

Panos is a Computer Scientist with scientific publications in top conferences and journals, several patent applications, open-source contributions on privacy preserving products and a proven track record of delivering secure, reliable and fast cloud services. In the past, he worked as a Linux kernel developer at the CERN CERT team, did Machine Learning research at the University of Athens and innovated on Microsoft’s Office 365 cloud services. Currently he is on a mission to contribute to the mass adoption of cryptocurrencies.