The Linux Kernel Runtime Guard (LKRG), maintained under the Openwall project, has officially reached version 1.0, more than seven years after its first public release in 2018.
If you are not familiar with it, LKRG is a kernel module that acts as a security layer for the Linux kernel. Its main job is to monitor the kernel while it’s running and catch anything that looks suspicious or unsafe.
For example, if an attacker tries to exploit a kernel vulnerability by overwriting kernel credentials or altering kernel memory, LKRG can detect that behavior. When it finds something abnormal, it can log it, kill the offending process, or take other defensive measures depending on its configuration.
Anyone have any experience with this? This seems like the kind of thing that should just always be enabled by default all the time.
Interesting. Does anyone know of a guide to get this set up?