在线时间:8:00-16:00
迪恩网络APP
随时随地掌握行业动态
扫描二维码
关注迪恩网络微信公众号
开源软件名称(OpenSource Name):a13xp0p0v/linux-kernel-defence-map开源软件地址(OpenSource Url):https://github.com/a13xp0p0v/linux-kernel-defence-map开源编程语言(OpenSource Language):开源软件介绍(OpenSource Introduction):Linux Kernel Defence MapIntroLinux kernel security is a very complex topic. There are many concepts that have interesting relationships with each other:
Some defence technologies are provided by the Linux kernel mainline. Others are going out‑of‑tree for various reasons (some of them are commercial, for example). Moreover, there are kernel defences that depend on special hardware features. It would be convenient to have a graphical representation of Linux kernel security. That's why I have created a Linux Kernel Defence Map showing the relationships between all these concepts. The node connections don't mean "full mitigation." Rather, each connection represents some kind of relationship. So the Linux Kernel Defence Map should help to navigate the documentation and Linux kernel sources. It also provides the Common Weakness Enumeration (CWE) numbers for vulnerability classes. This map describes kernel security hardening. It doesn't cover cutting attack surface, userspace security features and policies enforced by various Linux Security Modules (LSM). How this Map is madeThis map is written in the DOT language, which makes maintenance and updating in Git very convenient. The diagram is generated using GraphViz with the following command:
Do you want to check your kernel configuration?So there are plenty of security hardening options in the Linux kernel. A lot of them are not enabled by the major distros. We have to configure these options ourselves to make our systems more secure. But nobody likes verifying configs manually. So I've created the kconfig-hardened-check that checks security hardening options of the Linux kernel. You are welcome to try it. References
Map for Linux kernel v5.13 |
2023-10-27
2022-08-15
2022-08-17
2022-09-23
2022-08-13
请发表评论