Prepare for CKS exam with me 4: Linux kernel hardening

1. Purpose

In this post, I continue my series on preparing for the CKS (Certified Kubernetes Security Specialist) exam. These are my own notes about the exam, and you can refer to these articles to prepare for your own.

List of the series of posts:

-prepare for cks exam with me 1: Linux user and group management

-prepare for cks exam with me 2: Linux ssh hardening

-prepare for cks exam with me 3: Linux remove obsolete packages and services

-prepare for cks exam with me 4: Linux kernel hardening

-prepare for cks exam with me 5: Linux UFW(Uncomplicated firewall)

-prepare for cks exam with me 6: Seccomp in Linux, Docker and Kubernetes

-prepare for cks exam with me 7: Apparmor in Linux, Docker and Kubernetes

-prepare for cks exam with me 8: Security context in Kubernetes

-prepare for cks exam with me 9: Admission controllers in Kubernetes

-prepare for cks exam with me 10: Pod security policy in Kubernetes

-prepare for cks exam with me 11: Open policy agent in Kubernetes

-prepare for cks exam with me 12: Secrets in Kubernetes

-prepare for cks exam with me 13: Container runtimes(gvisor/kata containers) in Kubernetes

-prepare for cks exam with me 14: Container Image security in Docker and Kubernetes

-prepare for cks exam with me 15: How to print docker images of all pods in kubernetes

2. Environment

  • CKS
  • Ubuntu System

3. Linux kernel hardening

3.1 Load module

We can use modprobe to load a module into the kernel. For example, to load the pcspkr module:

$ modprobe pcspkr

modprobe is a Linux command that can load a single specified module or a group of dependent modules. It decides which modules to load based on the dependency information generated by depmod. If an error occurs during loading, modprobe unloads the entire set of modules.

3.2 List all loaded modules

We can use lsmod to list all modules loaded in the kernel.

$ lsmod

lsmod is short for "list modules". Running it lists all the modules that have been loaded into the system. … The lsmod command nicely formats the contents of /proc/modules, which holds information about the modules currently loaded by the kernel.

3.3 Prohibit or disable a module in the kernel

We can disable some modules in the kernel.

If you do not want the pcspkr and sctp modules to be loaded, you can do this:

$ vi /etc/modprobe.d/blacklist.conf
# add the below two lines to the file

blacklist pcspkr
blacklist sctp

Then restart the system for the change to take effect:

$ shutdown -r now

3.4 View loaded modules

We can use lsmod to check whether the modules are loaded in the kernel:

$ lsmod | grep pcspkr
$ lsmod | grep sctp
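
The checks in 3.3 and 3.4 can be scripted, shown here as an added example that is not part of the original post: the function reads the `blacklist` lines from a modprobe.d directory and reports whether each module still appears in a /proc/modules-style list. It also reports whether an `install <module> /bin/false` line exists, because `blacklist` only stops automatic (alias-based) loading and an explicit `modprobe <module>` still works. The function name `audit_blacklist` and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit modprobe "blacklist" entries against the loaded-module list.
# On a real host: audit_blacklist /etc/modprobe.d /proc/modules

# Prints one line per blacklisted module:
#   <name> <loaded|not-loaded> <install-blocked|alias-only>
audit_blacklist() {
    conf_dir=$1
    modules_file=$2
    # Collect names from lines of the form "blacklist <name>"; comment lines never match.
    cat "$conf_dir"/*.conf 2>/dev/null |
    awk '$1 == "blacklist" && $2 != "" { print $2 }' | sort -u |
    while read -r mod; do
        # In /proc/modules the first field of each line is the module name.
        if awk -v m="$mod" '$1 == m { f = 1 } END { exit !f }' "$modules_file"; then
            state=loaded
        else
            state=not-loaded
        fi
        # "blacklist" alone does not stop an explicit "modprobe <name>";
        # an "install <name> /bin/false" (or /bin/true) line does.
        if cat "$conf_dir"/*.conf 2>/dev/null | awk -v m="$mod" \
            '$1 == "install" && $2 == m && ($3 == "/bin/false" || $3 == "/bin/true") { f = 1 }
             END { exit !f }'; then
            block=install-blocked
        else
            block=alias-only
        fi
        echo "$mod $state $block"
    done
}

# Constructed sample data (not taken from a real system) so the script runs anywhere.
demo_dir=$(mktemp -d)
cat > "$demo_dir/blacklist.conf" <<'EOF'
blacklist pcspkr
blacklist sctp
install sctp /bin/false
EOF
cat > "$demo_dir/modules" <<'EOF'
pcspkr 16384 0 - Live 0x0000000000000000
e1000 155648 0 - Live 0x0000000000000000
EOF
audit_blacklist "$demo_dir" "$demo_dir/modules"
```

A `loaded` result for a blacklisted module means the entry has not taken effect yet (for example, no reboot since the change) or the module was loaded explicitly.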

4. Summary

In this post, I showed some examples of how to do Linux kernel hardening on Linux operating systems.