Differences

This shows you the differences between two versions of the page.


p_lkrg:Examples [2018/01/25 05:35]
pi3 [Communication channel]
p_lkrg:Examples [2020/12/17 12:28] (current)
solar [Historical Linux Kernel Runtime Guard (LKRG) usage examples] Drop the mention of attacks (irrelevant to this wiki page, was added in error)
Line 1: Line 1:
 {{ :​p_lkrg:​p_lkrg.png?​500 |}} {{ :​p_lkrg:​p_lkrg.png?​500 |}}
  
-\\ +====== Historical Linux Kernel Runtime Guard (LKRG) ​usage examples ======
-\\ +
-[[p_lkrg:​Main|(Click here to return to main LKRG page)]] +
-\\+
  
-====== ​LKRG ======+For general information on LKRG, please visit its [[p_lkrg:​Main|main wiki page]].
  
-LKRG is free and Open Source project distributed primarily ​in source code formYou can download it and prepare custom build by yourselfHowever, if you would rather use a commercial product tailored for your specific operating system, please consider LKRG Pro, which is distributed primarily ​in the form of "​native"​ packages ​for the target operating systems and in general is meant to be easier to install ​and use while delivering optimal performance. Additionally,​ you will help in development of the project (economically). ​LKRG Pro is available <​here>​.+The examples below were written/​recorded in March 2017 through April 2018. We released ​LKRG 0.0 in January 2018The examples are still mostly valid until LKRG 0.7 released ​in July 2019. We've since reworked ​the sysctl'​s ​for LKRG 0.8+ released ​in June 2020, and some LKRG messages are now different.
  
 ====== LKRG files ====== ====== LKRG files ======
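Review bot: In the new introductory paragraph, "still mostly valid until LKRG 0.7 released in July 2019" leaves it unclear whether 0.7 itself is covered. Suggest wording such as "mostly valid up to LKRG 0.7 (July 2019)", or stating explicitly that 0.7 is the first version where they stop applying, whichever is meant. The same paragraph says the sysctl's were reworked for LKRG 0.8+ and that some messages differ, but it does not tell the reader where to find the current names. Since the sentence above already links the main wiki page, pointing there for the 0.8+ sysctl list would keep people from copying the historical lkrg.* settings shown below onto a current install.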
Line 45: Line 42:
   lkrg.force_run = 0   lkrg.force_run = 0
   lkrg.log_level = 1   lkrg.log_level = 1
 +  lkrg.random_events = 1
   lkrg.timestamp = 15   lkrg.timestamp = 15
  
Line 55: Line 53:
   - Force (lkrg.force_run) – forces LKRG to run integrity function right now. It is always visible as 0 number. Nevertheless,​ if you set it to 1, the integrity checking function will be immediately fired and value restored to 0 again   - Force (lkrg.force_run) – forces LKRG to run integrity function right now. It is always visible as 0 number. Nevertheless,​ if you set it to 1, the integrity checking function will be immediately fired and value restored to 0 again
   - log level (lkrg.log_level) – it might be a number between 0-4 or 0-6 (if debugging compilation was used). A strong debug provides very useful data to identify where could be a specific problem with LKRG (if it ever appears). Unfortunately,​ it produces tons of logs per execution and must be used only for debugging purpose, not as a normal run.   - log level (lkrg.log_level) – it might be a number between 0-4 or 0-6 (if debugging compilation was used). A strong debug provides very useful data to identify where could be a specific problem with LKRG (if it ever appears). Unfortunately,​ it produces tons of logs per execution and must be used only for debugging purpose, not as a normal run.
 +  - Random events (lkrg.random_events) - only two options are available:
 +    * 0 – do NOT perform integrity checking on the random events (perform it only at regular intervals configured by lkrg.timestamp)
 +    * 1 – perform integrity checking on the random events (as well as at the regular intervals)
   - timestamp (lkrg.timestamp) – changes how often kernel timer will be launched (kernel timer periodically calls integrity function). It can’t be less than 5 seconds (not to eat too much system resources) and not more than 1800 seconds (half an hour) – not to be silent for too long   - timestamp (lkrg.timestamp) – changes how often kernel timer will be launched (kernel timer periodically calls integrity function). It can’t be less than 5 seconds (not to eat too much system resources) and not more than 1800 seconds (half an hour) – not to be silent for too long
  
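Review bot: The added lkrg.random_events entry never says what a "random event" is, so a reader cannot judge what they lose by setting it to 0. One sentence naming the kind of events that trigger the extra integrity check would fix that, and it would help to state the default (the listings in this diff show 1). Style point on the same line: the new item uses a plain hyphen after "(lkrg.random_events)" where the neighbouring items (force_run, log_level, timestamp) use an en dash, and "only two options are available" reads better as "two values are accepted".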
Line 85: Line 86:
   root@pi3-ubuntu:​~/​p_lkrg-main#​ sysctl -a |grep lkrg   root@pi3-ubuntu:​~/​p_lkrg-main#​ sysctl -a |grep lkrg
   lkrg.block_modules = 0   lkrg.block_modules = 0
 +  lkrg.clean_message = 1
   lkrg.force_run = 0   lkrg.force_run = 0
-  lkrg.log_level = 1 
-  lkrg.timestamp = 15 
   lkrg.hide = 0   lkrg.hide = 0
 +  lkrg.log_level = 0
 +  lkrg.random_events = 1
 +  lkrg.timestamp = 15
   root@pi3-ubuntu:​~/​p_lkrg-main#​ lsmod|grep p_   root@pi3-ubuntu:​~/​p_lkrg-main#​ lsmod|grep p_
   p_lkrg ​                ​94208 ​ 0   p_lkrg ​                ​94208 ​ 0
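Review bot: The refreshed sysctl -a output now includes lkrg.clean_message = 1, but none of the hunks shown in this comparison adds a matching description next to the other options (only lkrg.random_events gets one, at line 53). Suggest adding an entry for clean_message so every sysctl in the listing is explained. Also, lkrg.log_level changes from 1 to 0 in this listing while the listing at line 42 still shows lkrg.log_level = 1. If the two captures are meant to reflect the same default configuration they should agree, otherwise a short remark that the second one was taken with logging turned down would avoid confusion.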
p_lkrg/Examples.txt · Last modified: 2020/12/17 12:28 by solar
 
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Noncommercial-Share Alike 3.0 Unported