In this post, I would continue to write about preparing for the CKS (Certified Kubernetes Security Specialist) exam. I would write my own notes about the exam, and you can refer to these articles to prepare your own.
List of the series of posts:
- Ubuntu System
3. Linux kernal hardening
3.1 Load module
We can use modprobe to load a module into kernal, for example, to load the pcspkr module
$ modprobe pcspkr
modprobe is a command of linux that can load a specified individual module or load a group of dependent modules. modprobe will determine which modules to load based on the dependencies generated by depmod. If an error occurs during the loading process, the entire set of modules will be uninstalled in modprobe
3.2 List all loaded modules
We can use lsmod to list all loaded modules in kernal.
lsmod is actually the abbreviation of list modules, which lists all modules. Function description: Display the modules that have been loaded into the system. Description: Executing the lsmod command will list all the modules that have been loaded into the system. … The lsmod command can beautifully display the contents of /prco/module, which are the information of the modules that have been loaded by the kernel
3.3 Prohibit or disable a module in kernal
We can disable some modules in kernal.
If you do not want to disable loading the pcspkr and sctp modules, you can do this:
$ vi /etc/modprobe.d/blacklist.conf # add the below two lines to the file blacklist pcspkr blacklist sctp
Then you should restart the system to make it work
$ shutdown -r now
3.4 View loaded modules
We can use lsmod to view the loaded modules in kernal:
$ lsmod | grep pcspkr $ lsmod | grep sctp
In this post, I write some examples about how to do linux kernal hardening when using linux operating systems.