Language Selection

English French German Italian Portuguese Spanish

Kernel Log - Coming in 3.7 (Part 3): Infrastructure

Filed under
Linux

Linux 3.7 can sign kernel modules and verify those signatures and, therefore, the integrity of the modules before loading them (1, 2, 3, 4, 5, 6, 7). Some enterprise distributions have had similar features for a while – for example, to ensure that the modules used for troubleshooting are really from the distribution kernel. Developers have been working on integrating the functionality into Linux as some distributions want to load only signed kernel modules when booted with UEFI secure boot – this is now possible with the integrated code.

Another new feature is the integrity appraisal extension for the Integrity Measurement Architecture (IMA), which the kernel has supported for quite some time now (1, 2). IMA can store signed hashes for files and use them to recognise when binaries from the Linux installation have been changed.

rest here




More in Tux Machines

Software: NetworkManager, Kodi, Cumulus Weather App, Streamlink, Calibre

  • NetworkManager changes and improvements
    NetworkManager is the default service in Fedora for interfacing with the low level networking in the Kernel. It was created to provide a high-level interface for initializing and configuring networking on a system without shell scripts. Over the past few Fedora releases, the NetworkManager developers have put in a lot of effort to make it even better. This article covers some of the major improvements that have been implemented in NetworkManager over the past few Fedora releases.
  • Pioneer Kodi plug-in unplugs
    Developers of the popular Kodi plug-in Navi-X have pulled the plug on further development, citing the "current legal climate" around its work. The developers of the plugin, which first appeared a decade ago, state that they're no longer able to host Navi-X programme guides:
  • Cumulus Weather App for Linux Desktop
    ​Once upon a time, there used to be a very popular app called Stormcloud. And then it was no more. With the developer citing a range of issues including issues with the Yahoo API being used and the lack of time on the part of the developer. Some folks in the Linux community tried resurrecting it by creating a fork called Typhoon. And unfortunately, once again, that did not last for a long time. Now another developer by name Daryl Bennett with the aid of the original developer of Stormcloud has resurrected the app, and now it is called Cumulus.
  • Streamlink – Watch Online Video Streams From Command Line
    Streamlink is a command line streaming utility that allows you to watch online video streams in popular media players, such as VLC, MPlayer, MPlayer2, MPC-HC, mpv, Daum Pot Player, QuickTime, and OMXPlayer etc. It is written using Python programming language, and was forked from LiveStreamer, which is no longer maintained. Streamlink currently supports popular live video streaming services, such as YouTube, Dailymotion, Livestream, Twitch, UStream, and many more. Streamlink is built upon a plugin system which allows support for new services to be easily added. A full list of plugins currently included can be found on the Plugins page. Streamlink supports GNU/Linux, *BSDs, Microsoft Windows, and Mac OS X.
  • Linux utils that you might not know
  • Calibre A Free And Open Source Ebook Management System For Linux
    Having ebooks is really a good thing. It can be read anywhere, you get free from the hassle of storage and many more benefits. But it creates a problem when you got an enormous number of ebooks also in various formats. You will have the problem of searching perfect ebook you want to read at a time, you have to maintain various kind of software for every format and much more.

Security Leftovers: HackerOne, Let's Encrypt, and Shadow Brokers

  • Security updates for Tuesday
  • HackerOne experience with Weblate
    Weblate has started to use HackerOne Community Edition some time ago and I think it's good to share my experience with that. Do you have open source project and want to get more attention of security community? This post will answer how it looks from perspective of pretty small project. I've applied with Weblate to HackerOne Community Edition by end of March and it was approved early in April. Based on their recommendations I've started in invite only mode, but that really didn't bring much attention (exactly none reports), so I've decided to go public.
  • Who Are the Shadow Brokers?
    In 2013, a mysterious group of hackers that calls itself the Shadow Brokers stole a few disks full of National Security Agency secrets. Since last summer, they’ve been dumping these secrets on the internet. They have publicly embarrassed the NSA and damaged its intelligence-gathering capabilities, while at the same time have put sophisticated cyberweapons in the hands of anyone who wants them. They have exposed major vulnerabilities in Cisco routers, Microsoft Windows, and Linux mail servers, forcing those companies and their customers to scramble. And they gave the authors of the WannaCry ransomware the exploit they needed to infect hundreds of thousands of computer worldwide this month. After the WannaCry outbreak, the Shadow Brokers threatened to release more NSA secrets every month, giving cybercriminals and other governments worldwide even more exploits and hacking tools.
  • Why Akamai Supports Let's Encrypt
    The Let's Encrypt project has re-shaped the market for SSL/TLS certificates, providing millions of free security certificate to organization around the world. Among the many backers of Let's Encrypt is content delivery network platform provider Akamai. In a video interview with eSecurityPlanet, Andy Ellis, Chief Security Officer at Akamai, explains why Let's Encrypt matters and his view on the effort's real value.
  • Security in Serverless: What Gets Better, What Gets Worse?
  • Open Source Security Podcast: Episode 48 - Machine Learning: Not actually magic
    Josh and Kurt have a guest! Mike Paquette from Elastic discusses the fundamentals and basics of Machine Learning. We also discuss how ML could have helped with WannaCry.

4 Great Linux Distros Designed for Privacy and Security

Conventional security measures like antivirus programs are behind the curve when it comes to modern hackers and malware. Unfortunately, antivirus software and firewalls give users a false sense of security. In reality, new threats are being developed and unleashed into the wild every single day, and even the best antivirus programs have to play catchup. Recent ransomware attacks (aka. WannaCry) have targeted Windows-based PCs in over 150 countries – cyber security and privacy is incredibly important. Windows and macOS are easy to use and popular; however, they are much more susceptible to malicious code. Linux is free and open source, which means there are hundreds of “flavors.” These individual distributions are tweaked to different specifications. Security-focused users will be pleased to know that there are a number of Linux distros designed with security and privacy in mind. Read more

Linux Foundation and Linux Kernel

  • General Manager of Training at The Linux Foundation Forecasts Cloudy Weather
    Where does The Linux Foundation believe ones time is well spent to catapult their career objectives? It is fairly apparent after reaching out to Clyde Seepersad, General Manager Training and Certification of The Linux Foundation, the cloud is the place to be. When communicating with him on a variety of topics that revolve around The Linux Foundation's certification offerings and education, the central point of focus is the cloud. Clyde provided us with a slew of information about The Linux Foundation's efforts to make sure FLOSS continues to succeed for the foreseeable future.
  • Linux Foundation LFCS and LFCE Pratik Tolia Plans to Become Authorized Instructor
    The Linux Foundation offers many resources for developers, users, and administrators of Linux systems. One of the most important offerings is its Linux Certification Program, which is designed to give you a way to differentiate yourself in a job market that's hungry for your skills.
  • Hughes: Updating Logitech Hardware on Linux
    Logitech has provided firmware updates, but not for "unsupported" platforms like Linux. Hughes has filled that gap by getting documentation and a fixed firmware image from Logitech and adding support for these devices to fwupd. He is now looking for testers to ensure that the whole thing works across all devices. This is important work that is well worth supporting.
  • Updating Logitech Hardware on Linux
    This gave an attacker with $15 of hardware the ability to basically take over remote PCs within wireless range, which could be up to 50m away. This makes sitting in a café quite a dangerous thing to do when any affected hardware is inserted, which for the unifying dongle is quite likely as it’s explicitly designed to remain in an empty USB socket. The main manufacturer of these devices is Logitech, but the hardware is also supplied to other OEMs such as Amazon, Microsoft, Lenovo and Dell where they are re-badged or renamed. I don’t think anybody knows the real total, but by my estimations there must be tens of millions of affected-and-unpatched devices being used every day.
  • An introduction to Libral, a systems management library for Linux
    Linux, in keeping with Unix traditions, doesn't have a comprehensive systems management API. Instead, management is done through a variety of special-purpose tools and APIs, all with their own conventions and idiosyncrasies. That makes scripting even simple systems-management tasks difficult and brittle.
  • Linux Kernel 4.11.2-1 released
  • Cgroups/namespaces/seccomp/capabilities course
  • Linux Shared Libraries course, Munich, Germany, 20 July 2017
    I've scheduled a public instance of my "Building and Using Shared Libraries on Linux" course to take place in Munich, Germany on 20 July 2017. This one-day course provides a thorough introduction to building and using shared libraries. covering topics such as: the basics of creating, installing, and using shared libraries; shared library versioning and naming conventions; the role of the dynamic linker; run-time symbol resolution; controlling symbol visibility; symbol versioning; preloading shared libraries; and dynamically loaded libraries (dlopen). The course format is a mixture of theory and practical.