the linux kernel
Post on 03-Jan-2016
DESCRIPTION: the linux kernel and its various features (PowerPoint PPT presentation)
The Linux Kernel
the linux kernel and its various features
kernels
kernels are typically classified in one of two categories:
- monolithic
  - all inclusive
  - large
  - faster
- modular
  - small core
  - additional modules activated dynamically
  - slower
why configure the kernel
- Enhance system performance
- Increase security
- Increase flexibility
- Increase reliability
- Add support for new types of devices
- Remove overhead
four basic methods to customize
- Modify tunable kernel configuration parameters
- Building from scratch (source code)
- Loading new drivers and modules into an existing kernel on the fly
- Providing operational directives and modules to an existing kernel on the fly
tuning kernel parameters
- Kernel: one size doesn't fit all
- Special hook parameters allow kernel adjustments
- Special files in /proc/sys let you view and set kernel options at run time
- The sysctl command is the permanent way to modify parameters: /etc/sysctl.conf is read at boot time and sets custom parameter values
sysctl examples
- sysctl net.ipv4.ip_forward=0 turns off IP forwarding
- autoeject
- file-max (default 4096)
- ctrl-alt-del
- icmp_echo_ignore_all
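Added example, not from the slides: a POSIX shell script that checks the security-related parameters listed above (ip_forward, icmp_echo_ignore_all, ctrl-alt-del, file-max) in a saved `sysctl -a` dump against a baseline and prints the /etc/sysctl.conf lines that would restore it. The baseline values and the sample dump are constructed for illustration, not taken from the page.

```shell
#!/bin/sh
# Added example (not from the slides): compare security-related sysctl
# values in a `sysctl -a` dump against a baseline and report drift.
# The expected values below are an assumed policy, not values from the page.

# Baseline as "key expected" lines.
SYSCTL_BASELINE='net.ipv4.ip_forward 0
net.ipv4.icmp_echo_ignore_all 1
kernel.ctrl-alt-del 0
fs.file-max 4096'

# Write a constructed sample of `sysctl -a` output to file $1: a host that
# still forwards IPv4 and still answers every ICMP echo request.
make_sample() {
    cat > "$1" <<'EOF'
net.ipv4.ip_forward = 1
net.ipv4.icmp_echo_ignore_all = 0
kernel.ctrl-alt-del = 0
fs.file-max = 4096
EOF
}

# Print the value of key $2 from the dump in file $1 (empty if absent).
sysctl_value() {
    awk -v k="$2" '$1 == k && $2 == "=" { print $3; exit }' "$1"
}

# Print one DRIFT or MISSING line per baseline key that does not match the
# dump in file $1.  Capture live state on a host with: sysctl -a > dump.txt
check_sysctl() {
    printf '%s\n' "$SYSCTL_BASELINE" | while read -r key expected; do
        current=$(sysctl_value "$1" "$key")
        if [ -z "$current" ]; then
            printf 'MISSING %s expected=%s\n' "$key" "$expected"
        elif [ "$current" != "$expected" ]; then
            printf 'DRIFT %s current=%s expected=%s\n' "$key" "$current" "$expected"
        fi
    done
}

# Number of findings; 0 means the host matches the baseline.
count_sysctl_drift() {
    check_sysctl "$1" | wc -l | tr -d ' '
}

# /etc/sysctl.conf lines that would restore the baseline for drifted keys.
sysctl_conf_fix() {
    check_sysctl "$1" | awk '$1 == "DRIFT" { sub("expected=", "", $4); print $2 " = " $4 }'
}
```

Appending the printed lines to /etc/sysctl.conf makes the fix survive a reboot, which a one-off `sysctl key=value` does not.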
adding device driver
A device driver is a program that manages the system's interaction with a piece of hardware. The driver layer keeps Linux device independent.
One of three forms:
- A patch against a kernel version
- A loadable module
- Installation script or package to install the patch
Applying a patch (as root, from the kernel source directory):
    # cd path_to_kernel_src
    # patch -p1 < patch_file
loadable kernel modules (LKM)
linux commands:
- lsmod: list active modules
- insmod: insert/load module
- rmmod: remove/delete module
- modprobe: newer, replaces the above (-l, -i, -r)
- depmod -a: update module dependencies
linux kernel
- linux kernel is often named vmlinuz
- linux kernel is usually found either in directory /boot or in directory /
- modules are found in directory /lib/modules
linux kernel: compiling the linux 2.6 kernel
- greatly simplified from previous kernel versions
- does require considerable knowledge regarding system hardware and its configuration
- certainly a leap of faith, especially the first time
building a kernel - outline
- Download kernel source
- Uncompress to kernel source directory /usr/src
- Configure options via make menuconfig, make xconfig, or make gconfig
- Compile steps: run make clean, run make, run make modules_install
- Copy install files to /boot/vmlinuz
- Edit boot loader (/etc/lilo or /boot/grub/grub.config) to add a config line for the new kernel
linux kernel: obtaining the source code
- linux kernel archive: www.kernel.org
- source code is transferred to directory /usr/src/linux-2.6.x.x
- /usr/src/linux is a symbolic link to the most current kernel source tree
compiling the linux kernel
- must be root user
- must be in directory /usr/src/linux
- first step: configuration
  - make config
  - make menuconfig
  - make xconfig
  - make gconfig
  - generates a configuration file .config
  - recommend saving a second copy, e.g., second_config
compiling the linux kernel
- second step: compilation
  - make
  - make modules_install
  - both of these steps can be quite time consuming!
- third step: installation
  - cp System.map /boot/System.map-2.6.x
  - cp .config /boot/config-2.6.x
  - cp arch/i386/boot/bzImage /boot/kernel-2.6.x
- final step: boot loader update
  - edit either /etc/lilo.conf or /boot/grub/grub.conf
loadable kernel modules
- not part of original linux design
- part of a natural evolution in the operating system
- device drivers have always been modular in nature
- loadable kernel modules (LKMs)
  - save memory
  - faster to debug and maintain
  - slower, only if necessary to reload into memory
loadable kernel modules
Without loadable kernel modules, an operating system would have to have all possible anticipated functionality already compiled directly into the base kernel. Much of that functionality would reside in memory without being used, wasting memory, and would require that users rebuild and reboot the base kernel every time new functionality is desired. Most operating systems supporting loadable kernel modules will include modules to support most desired functionality.
There are six main things LKMs are used for:
- Device drivers
- Filesystem drivers
- System calls
- Network drivers
- TTY line disciplines
- Executable interpreters
For more info: http://tldp.org/HOWTO/Module-HOWTO/x197.html
loadable kernel modules
LKMs are typically used to add support for new hardware and/or filesystems, or for adding system calls. When the functionality provided by an LKM is no longer required, it can be unloaded in order to free memory.
loadable kernel modules: module operation
- may be totally transparent to the user
- may display its presence as a virtual file in the directory /proc
loadable kernel modules
- LKMs provide a great deal of power to system programmers
  - quick prototyping
  - quick patches for bugs
- but LKMs also provide a foothold for crackers
  - can trojan important modules
  - many rootkits make use of LKMs
attacking LKMs
- LKMs can be trojaned
- less popular than more traditional attacks on external commands
- requires compilation on the host (requires root): compiler, rmmod, insmod
- cracker software: knark, adore, rkit
attacking LKMs: countermeasures
- kernel 2.6 now includes the configuration option to disable the ability to unload a module!
- monitor files in /lib/modules
- make these files immutable
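Added example, not from the slides: a POSIX shell implementation of the last two countermeasures, a hash baseline for the module tree (monitoring /lib/modules) and a helper that sets the immutable attribute. The sample tree and its file contents are constructed; the chattr step assumes root and an ext2/3/4 filesystem.

```shell
#!/bin/sh
# Added example, not from the slides: hash baseline for a kernel module tree
# (the slides' "monitor files in /lib/modules") plus the immutable-flag step.
# The test tree below is constructed; on a real host pass /lib/modules/$(uname -r).

# baseline_modules DIR OUT: record "sha256  path" for every module file in DIR.
baseline_modules() {
    (cd "$1" && find . -type f -name '*.ko*' -exec sha256sum {} + | sort -k 2) > "$2"
}

# verify_modules DIR BASELINE: print CHANGED/ADDED/REMOVED lines (empty if clean).
verify_modules() {
    current=$(mktemp)
    baseline_modules "$1" "$current"
    awk 'FILENAME == ARGV[1] { base[$2] = $1; next }
         { cur[$2] = $1 }
         END {
             for (p in base) if (!(p in cur)) print "REMOVED", p
             for (p in cur) if (!(p in base)) print "ADDED", p
             for (p in cur) if ((p in base) && cur[p] != base[p]) print "CHANGED", p
         }' "$2" "$current" | sort
    rm -f "$current"
}

# Number of findings; 0 means the tree still matches its baseline.
count_module_findings() {
    verify_modules "$1" "$2" | wc -l | tr -d ' '
}

# Set the immutable attribute on every module file (root, ext2/3/4 only).
# lsattr shows the 'i' flag; chattr -i must be run before a legitimate update.
protect_modules() {
    find "$1" -type f -name '*.ko*' -exec chattr +i {} +
}

# Constructed sample tree standing in for /lib/modules (illustration only).
make_sample_tree() {
    mkdir -p "$1/kernel/net" "$1/kernel/fs"
    printf 'original network driver bytes\n' > "$1/kernel/net/e1000.ko"
    printf 'original filesystem driver bytes\n' > "$1/kernel/fs/ext3.ko"
}
```

Keep the baseline file off the monitored host (or on read-only media), since an attacker with root can otherwise rewrite it to match a trojaned module.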
attacking the linux kernel
- significantly more complicated than attacking LKMs
- but also significantly more devastating
- must modify the kernel source tree
- must reconfigure and recompile a kernel
- must reboot the system
- this is usually quite noticeable!!!
strengthening the kernel
- Openwall Project Linux Security Patch: security enhanced OS & utilities, www.openwall.com
- LIDS (Linux Intrusion Detection System): additional security features added to the kernel, www.lids.org
hardening the kernel
- grsecurity: kernel security patches
- SE-Linux: security enhanced Linux
- LCAP: Linux Kernel Capability Remover
- systrace: enforces system call policies for applications
- LSM: Linux security modules
There are different types of kernel designs. A monolithic kernel is a static kernel: once you build it, you cannot change it without recompiling it. It is generally smaller and faster but less flexible.
A modular kernel is dynamic: you can change it on the fly without recompiling it. The core of the kernel is loaded into memory and the modules are loaded as they are needed. It is more flexible but slower. The important thing to note here is that with a monolithic kernel, the whole kernel is loaded into memory in a restricted area. Users cannot get to this area of memory.
The microkernel or module kernel loads kernel modules in user space in memory. The hybrid kernel uses features of both the monolithic and microkernel. This is a great pictorial. Go to http://users.gentoo.or.kr/data/file/free/747165625_e20c2289_kernel.png. You gain a deeper understanding of all that went into this operating system. What is really neat here is that you can get the source code to the kernel. So if you wanted to rewrite kernel routines you could. WoW!!!!
One perfect example of why you would want to tune a kernel is Google. They use a highly customized Red Hat kernel. They tune it to do one thing: search! They probably removed many of the bells and whistles from the kernel that they didn't really need to gain speed and performance.
One way to simply customize the kernel is to edit the /etc/sysctl.conf file. Above are a couple of features you can turn on or off. These features are security related.
Driver support can be in the form of a patch, loadable module or script file.
Commands to list, insert and remove kernel modules.
Directories where the kernel is stored.
The 2.6 kernel is much easier to compile than earlier kernels. The neat thing is that if you compile a newer kernel and it will not work, you can always boot up your system on the original kernel.
Steps involved in this. Take a look at www.kernel.org. Make config and make menuconfig are text mode.
Make xconfig and gconfig are graphical configuration menus. Compiling the kernel can take a long time depending on the speed of the hardware you're compiling it on.
I have seen kernels compile for almost 3 hours on a P3 500 MHz PC.
Loadable modules really played a big role when systems didn't have a lot of memory. The theory was to load a small kernel in memory, thus requiring less system resources and overhead, and load the modules for kernel features on an as-needed basis.
Note: kernel modules let you change the kernel functionality WITHOUT having to reboot the system. SWEET!!!!
Hardware driver support in loadable modules.
Loadable modules can be hacked.
The file attribute immutable means the file cannot be modified, deleted, renamed or linked to, and no data can be written to the file.
The kernel can be hardened. SE-Linux can be turned on when installing CentOS. It's a feature of this distribution.