lkrg
fapolicyd
Our great sponsors
lkrg | fapolicyd | |
---|---|---|
7 | 3 | |
397 | 181 | |
6.5% | 1.1% | |
7.9 | 8.3 | |
6 days ago | 16 days ago | |
C | C | |
GNU General Public License v3.0 or later | GNU General Public License v3.0 only |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
lkrg
-
[Security] Questions about LKRG and Debian hardening-runtime
What's the difference between LKRG and hardening-runtimepackage?
- LKRG – Linux Kernel Runtime Guard
-
Tetragone: A Lesson in Security Fundamentals
Similar concerns affect LKRG. Check out the LKRG bypass article by Alexander Popov for the details.
-
windows kernel patch guard-like for linux ?
I'm not an expert, but I can think of two things related to the integrity of Linux kernel. Linux has the ability to mark itself tainted 1 if you, as example, load proprietary drivers. On the other hand, there's Linux Kernel Runtime Guard (LKRG) 2 that performs integrity check on Linux kernel and detects exploits.
-
Need help with template modification
I'll try to make this as succinct as possible. I use the Linux Kernel Runtime Guard with my kernel as a security measure, and I use xbps-src to compile the kernel myself.
- Linux Kernel Runtime Guard (LKRG)
- Linux Kernel Runtime Guard
fapolicyd
- Fapolicy troubleshooting
- fapolicyd should gracefully start despite errors in fapolicyd.conf
-
Best practices for public-facing machines
I'd consider fapolicyd for untrusted guest account systems. It ensures that only applications installed through the package manager can be run, i.e. no downloads of a local exploit and running ./hack on the terminal.
What are some alternatives?
ebpfkit - ebpfkit is a rootkit powered by eBPF
bouheki - bouheki is KRSI(eBPF+LSM) based Linux security auditing tool.
iohook - Node.js global keyboard and mouse listener.
linux-hardened - Minimal supplement to upstream Kernel Self Protection Project changes. Features already provided by SELinux + Yama and archs other than multiarch arm64 / x86_64 aren't in scope. Only tags have stable history. Shared IRC channel with KSPP: irc.libera.chat #linux-hardening
radare2 - UNIX-like reverse engineering framework and command-line toolset
zen-kernel - Zen Patched Kernel Sources
ish - Linux shell for iOS
wiser - :racehorse: Extremely minimal vmm for linux written in C. Hopefully someday will spin linux-vm for you.
linux - Linux kernel variant from Analog Devices; see README.md for details
suhosin7 - Suhosin Extension for PHP 7.x
rke2