Linux Hardening Links

on under Hardening
1 minute read

Just dumping some semi-random notes from an obscure course!

Hardening Linux Kernel and Runtime Defenses:
https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project/Recommended_Settings

ASLR adds random offsets to each memory section of the stack.
Without ASLR, process memory is allocated at fixed positions, allowing for an attacker to measure out how far into the buffer they want to go to pop the stack via bof.
randomize_va_space kernel parameter needs to be set to ‘2’.
Compile libraries with -fpic and compile executables with -fpie.

Each section of the heap can have it’s own r-w-x permissions.
X-Space prevents either the write or the execute operation.
This prevents attacker from using a redirect in the bof to move to a larger memory space and squeeze in a larger character payload.
Look up and enable x-space where ever you can. Wish I had more usable info from this course on it.

BOF Prevention and Detection
Secure Coding Guidelines:
https://wiki.sei.cmu.edu/confluence/display/seccode

Tools!
Corona - Binary scanning and hardening check.
Ktest - Run time Kernel Hardening test.
dASLR - Run time check for ASLR capabilities.
Xcheck - Run time check for X-Space support capabilities.

Linux, Runtime Defense
comments powered by Disqus