This shows you the differences between two versions of the page.
p_lkrg:Examples [2018/01/25 05:35] pi3 [Communication channel] |
p_lkrg:Examples [2020/12/17 12:28] (current) solar [Historical Linux Kernel Runtime Guard (LKRG) usage examples] Drop the mention of attacks (irrelevant to this wiki page, was added in error) |
||
---|---|---|---|
Line 1: | Line 1: | ||
{{ :p_lkrg:p_lkrg.png?500 |}} | {{ :p_lkrg:p_lkrg.png?500 |}} | ||
- | \\ | + | ====== Historical Linux Kernel Runtime Guard (LKRG) usage examples ====== |
- | \\ | + | |
- | [[p_lkrg:Main|(Click here to return to main LKRG page)]] | + | |
- | \\ | + | |
- | ====== LKRG ====== | + | For general information on LKRG, please visit its [[p_lkrg:Main|main wiki page]]. |
- | LKRG is free and Open Source project distributed primarily in source code form. You can download it and prepare custom build by yourself. However, if you would rather use a commercial product tailored for your specific operating system, please consider LKRG Pro, which is distributed primarily in the form of "native" packages for the target operating systems and in general is meant to be easier to install and use while delivering optimal performance. Additionally, you will help in development of the project (economically). LKRG Pro is available <here>. | + | The examples below were written/recorded in March 2017 through April 2018. We released LKRG 0.0 in January 2018. The examples are still mostly valid until LKRG 0.7 released in July 2019. We've since reworked the sysctl's for LKRG 0.8+ released in June 2020, and some LKRG messages are now different. |
====== LKRG files ====== | ====== LKRG files ====== | ||
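Review bot: The added introductory paragraph on the right-hand side says the sysctls were reworked for LKRG 0.8+ but does not tell the reader which of the lkrg.* names shown further down are affected, so someone running 0.8 or later cannot tell which commands still apply. Consider stating there that the lkrg.* sysctl names and sample messages below reflect releases up to 0.7. Wording: "are still mostly valid until LKRG 0.7 released in July 2019" mixes tenses; "remain mostly valid through LKRG 0.7, released in July 2019" reads more clearly, and "sysctl's" should be "sysctls".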
Line 45: | Line 42: | ||
lkrg.force_run = 0 | lkrg.force_run = 0 | ||
lkrg.log_level = 1 | lkrg.log_level = 1 | ||
+ | lkrg.random_events = 1 | ||
lkrg.timestamp = 15 | lkrg.timestamp = 15 | ||
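Review bot: In this listing the context line lkrg.log_level = 1 is left unchanged next to the added lkrg.random_events = 1, while the later sysctl -a listing in the same revision is changed to show lkrg.log_level = 0. If both listings are meant to show default values, one of them is stale; otherwise say that the two outputs were captured with different settings.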
Line 55: | Line 53: | ||
- Force (lkrg.force_run) – forces LKRG to run integrity function right now. It is always visible as 0 number. Nevertheless, if you set it to 1, the integrity checking function will be immediately fired and value restored to 0 again | - Force (lkrg.force_run) – forces LKRG to run integrity function right now. It is always visible as 0 number. Nevertheless, if you set it to 1, the integrity checking function will be immediately fired and value restored to 0 again | ||
- log level (lkrg.log_level) – it might be a number between 0-4 or 0-6 (if debugging compilation was used). A strong debug provides very useful data to identify where could be a specific problem with LKRG (if it ever appears). Unfortunately, it produces tons of logs per execution and must be used only for debugging purpose, not as a normal run. | - log level (lkrg.log_level) – it might be a number between 0-4 or 0-6 (if debugging compilation was used). A strong debug provides very useful data to identify where could be a specific problem with LKRG (if it ever appears). Unfortunately, it produces tons of logs per execution and must be used only for debugging purpose, not as a normal run. | ||
+ | - Random events (lkrg.random_events) - only two options are available: | ||
+ | * 0 – do NOT perform integrity checking on the random events (perform it only at regular intervals configured by lkrg.timestamp) | ||
+ | * 1 – perform integrity checking on the random events (as well as at the regular intervals) | ||
- timestamp (lkrg.timestamp) – changes how often kernel timer will be launched (kernel timer periodically calls integrity function). It can’t be less than 5 seconds (not to eat too much system resources) and not more than 1800 seconds (half an hour) – not to be silent for too long | - timestamp (lkrg.timestamp) – changes how often kernel timer will be launched (kernel timer periodically calls integrity function). It can’t be less than 5 seconds (not to eat too much system resources) and not more than 1800 seconds (half an hour) – not to be silent for too long | ||
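Review bot: The new lkrg.random_events entry does not explain what the "random events" are, nor which value is the default (the sample output shows 1). Since 0 leaves only the timer-driven check, and the lkrg.timestamp entry allows an interval of up to 1800 seconds, it is worth stating that disabling random events can leave up to half an hour between integrity checks. Style: the entry uses a hyphen after the name where the neighbouring entries use a dash.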
Line 85: | Line 86: | ||
root@pi3-ubuntu:~/p_lkrg-main# sysctl -a |grep lkrg | root@pi3-ubuntu:~/p_lkrg-main# sysctl -a |grep lkrg | ||
lkrg.block_modules = 0 | lkrg.block_modules = 0 | ||
+ | lkrg.clean_message = 1 | ||
lkrg.force_run = 0 | lkrg.force_run = 0 | ||
- | lkrg.log_level = 1 | ||
- | lkrg.timestamp = 15 | ||
lkrg.hide = 0 | lkrg.hide = 0 | ||
+ | lkrg.log_level = 0 | ||
+ | lkrg.random_events = 1 | ||
+ | lkrg.timestamp = 15 | ||
root@pi3-ubuntu:~/p_lkrg-main# lsmod|grep p_ | root@pi3-ubuntu:~/p_lkrg-main# lsmod|grep p_ | ||
p_lkrg 94208 0 | p_lkrg 94208 0 |
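Review bot: lkrg.clean_message = 1 is added to the sysctl -a output here, but none of the visible changes add a matching entry to the sysctl description list, where lkrg.random_events does get one. Add a short description of lkrg.clean_message and its allowed values so the sample output and the list stay in sync.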