Problem solve Get help with specific problems with your technologies, process and projects.

Built-in mechanisms for securing the kernel

Security expert James Turnbull sugguests OpenWall and LIDS as two examples of built-in mechanisms that can help to further secure the Linux kernel.

Other than SELinux or similar frameworks, what built-in mechanisms exist for securing Linux Kernel? What changes are made in source code?

There are a number of tools that can further secure the Linux kernel. OpenWall, LIDS and Pax/grsecurity are all examples of modules that can be compiled into the kernel to perform this function. The changes they make to the source code greatly vary depending on the function of the tool. Some of the functions that kernel security modules introduce include Role-Based Access Control (RBAC), chrooting, buffer overflow protection, better handling of race conditions and additional auditing or intrusion detection.

I suggest reading the documentation for each tool and selecting the one that best suits your environment. Some tools require extensive setup and configuration, like SELinux and other ACL/RBAC-style tools, and others can be introduced without configuration, though you will need to still ensure your applications and daemons function correctly.

Dig Deeper on Linux servers

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.