
lsprobe

A toy permissive Linux security module for security ops research.

Building

Prerequisites

  • About 23 GB of hard drive space (about 2.5 GB for sources plus 20 GB to build packages)
  • 2-3 hours on 2 x86 cores with 4 GB RAM (see Notes)

Dependencies

  • Ubuntu 16.04:
sudo apt-get install git build-essential kernel-package fakeroot libncurses5-dev libssl-dev 
  • Debian 9
apt-get install git build-essential fakeroot libncurses5-dev libssl-dev libelf-dev bison flex

Sources

Get the kernel sources and put the module sources into the security folder:

git clone git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git
cd ./linux-stable
git checkout -b stable v5.0
cd ./security/
git clone https://github.com/0xADB/lsprobe.git
cd ..

Integrate lsprobe into the build process:

  • Add to security/Kconfig:
source "security/integrity/Kconfig"
source "security/lsprobe/Kconfig" # <-- this line
  • Add to security/Makefile:
subdir-$(CONFIG_SECURITY_YAMA)         += yama
subdir-$(CONFIG_SECURITY_LSPROBE)      += lsprobe # <--this line
...
obj-$(CONFIG_SECURITY_YAMA)            += yama/
obj-$(CONFIG_SECURITY_LSPROBE)         += lsprobe/ # <-- and this line

Integrate lsprobe into the boot process:

  • Add to include/linux/lsm_hooks.h:
#ifdef CONFIG_SECURITY_YAMA
extern void __init yama_add_hooks(void);
#else
static inline void __init yama_add_hooks(void) { }
#endif
#ifdef CONFIG_SECURITY_LSPROBE			      // these lines
extern void __init lsprobe_add_hooks(void);	      //
#else						      //
static inline void __init lsprobe_add_hooks(void) { } //
#endif						      //
  • Insert into the security_init function in security/security.c:
yama_add_hooks();
lsprobe_add_hooks(); // this line

Configuration

Go to the linux-stable directory, copy the current config, and adapt it, choosing the default answers:

cp /boot/config-$(uname -r) .config
yes '' | make oldconfig

Customize it by

make menuconfig

selecting in the Security options directory the Security probe entry.
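
The build takes hours, so it is worth confirming first that every integration edit and the config option are in place. The script below is an added example, not part of lsprobe; the function names are hypothetical, and the `=y` check assumes the Security probe entry is a boolean option.

```shell
#!/bin/sh
# Added example (not part of lsprobe): pre-build check of the integration edits.
# Function names are hypothetical helpers.

missing=0

# has_line FILE STRING COMMENT_PREFIX
# True if FILE has a line containing STRING that is not commented out.
has_line() {
    [ -f "$1" ] && grep -F -- "$2" "$1" | grep -Eqv "^[[:space:]]*$3"
}

# require FILE STRING COMMENT_PREFIX: report the result and count failures.
require() {
    if has_line "$1" "$2" "$3"; then
        printf 'ok       %s: %s\n' "$1" "$2"
    else
        printf 'MISSING  %s: %s\n' "$1" "$2"
        missing=$((missing + 1))
    fi
}

# check_lsprobe_integration TREE: returns 0 only if every edit is present.
check_lsprobe_integration() {
    tree=${1:-.}
    missing=0
    # Module sources cloned into security/lsprobe
    [ -f "$tree/security/lsprobe/Kconfig" ] || {
        printf 'MISSING  %s\n' "$tree/security/lsprobe/Kconfig"
        missing=$((missing + 1))
    }
    # Build integration
    require "$tree/security/Kconfig"  'source "security/lsprobe/Kconfig"' '#'
    require "$tree/security/Makefile" 'subdir-$(CONFIG_SECURITY_LSPROBE)' '#'
    require "$tree/security/Makefile" 'obj-$(CONFIG_SECURITY_LSPROBE)' '#'
    # Boot integration
    require "$tree/include/linux/lsm_hooks.h" \
        'void __init lsprobe_add_hooks(void)' '//'
    require "$tree/security/security.c" 'lsprobe_add_hooks();' '//'
    # Assumption: the Security probe entry is a bool, so it appears as =y
    require "$tree/.config" 'CONFIG_SECURITY_LSPROBE=y' '#'
    [ "$missing" -eq 0 ]
}

# Run against a tree when a path is given on the command line.
if [ "$#" -gt 0 ]; then
    check_lsprobe_integration "$1"
fi
```

Saved as a script, it takes the path to linux-stable as its only argument and exits non-zero if anything is missing or commented out.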

Building package

In the linux-stable directory:

rm vmlinux-gdb.py # see Notes
make -j $(getconf _NPROCESSORS_ONLN) deb-pkg LOCALVERSION="-lsprobed"

On success the .deb package will be in the directory above:

ls ../*.deb

Building just kernel

In the linux-stable directory:

make -j $(getconf _NPROCESSORS_ONLN) LOCALVERSION="-lsprobed"
sudo make modules_install install
sudo update-grub2

Notes

  • Before building the deb-pkg target, remove the vmlinux-gdb.py symbolic link in linux-stable, if any, or dpkg-source will complain:
dpkg-source: error: cannot represent change to vmlinux-gdb.py:
dpkg-source: error:   new version is symlink to /mnt/shared_workspace/src/linux-stable/scripts/gdb/vmlinux-gdb.py
dpkg-source: error:   old version is nonexistent
...
dpkg-source: error: unrepresentable changes to source
dpkg-buildpackage: error: dpkg-source -i.git -b linux-stable gave error exit status 1
scripts/package/Makefile:70: recipe for target 'deb-pkg' failed
make[1]: *** [deb-pkg] Error 1
Makefile:1390: recipe for target 'deb-pkg' failed
make: *** [deb-pkg] Error 2
  • Building the kernel takes considerable time. On a Debian 9 KVM guest with 2 x86 cores (and a browser playing music in the background):
$ time make -j $(getconf _NPROCESSORS_ONLN) LOCALVERSION="-lsprobed"
real	96m52.259s
user	137m26.076s
sys	13m59.624s
$ time make -j $(getconf _NPROCESSORS_ONLN) deb-pkg LOCALVERSION="-lsprobed"
real	130m55.841s
user	178m5.568s
sys	15m15.480s

Also note the hard drive space occupied after the build:

$ du -hs ./*
8.0K	./linux-5.0.0-lsprobed_5.0.0-lsprobed-1_amd64.buildinfo
4.0K	./linux-5.0.0-lsprobed_5.0.0-lsprobed-1_amd64.changes
632K	./linux-5.0.0-lsprobed_5.0.0-lsprobed-1.diff.gz
4.0K	./linux-5.0.0-lsprobed_5.0.0-lsprobed-1.dsc
162M	./linux-5.0.0-lsprobed_5.0.0-lsprobed.orig.tar.gz
11M	./linux-headers-5.0.0-lsprobed_5.0.0-lsprobed-1_amd64.deb
43M	./linux-image-5.0.0-lsprobed_5.0.0-lsprobed-1_amd64.deb
552M	./linux-image-5.0.0-lsprobed-dbg_5.0.0-lsprobed-1_amd64.deb
1012K	./linux-libc-dev_5.0.0-lsprobed-1_amd64.deb
21G	./linux-stable
