generated from sig_core/wiki-template
Deployed 1e6477d
with MkDocs version: 1.6.0
This commit is contained in:
parent
366e7df8a9
commit
d86a02c982
@ -322,6 +322,15 @@
|
||||
</label>
|
||||
<ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>
|
||||
|
||||
<li class="md-nav__item">
|
||||
<a href="#may-22-2024" class="md-nav__link">
|
||||
<span class="md-ellipsis">
|
||||
May 22, 2024
|
||||
</span>
|
||||
</a>
|
||||
|
||||
</li>
|
||||
|
||||
<li class="md-nav__item">
|
||||
<a href="#may-20-2024" class="md-nav__link">
|
||||
<span class="md-ellipsis">
|
||||
@ -872,6 +881,8 @@
|
||||
|
||||
<h1 id="news">News<a class="headerlink" href="#news" title="Permanent link">¶</a></h1>
|
||||
<p>These are what we consider significant SIG/Security news items, not an exhaustive list of package updates and wiki edits.</p>
|
||||
<h2 id="may-22-2024">May 22, 2024<a class="headerlink" href="#may-22-2024" title="Permanent link">¶</a></h2>
|
||||
<p><a href="../packages/lkrg/">lkrg</a> <code>0.9.8-2.el9_4.security</code> is a rebuild of the Linux Kernel Runtime Guard for EL 9.4.</p>
|
||||
<h2 id="may-20-2024">May 20, 2024<a class="headerlink" href="#may-20-2024" title="Permanent link">¶</a></h2>
|
||||
<p><a href="../packages/glibc/">glibc</a> <code>2.34-100.el9_4.security.0.8</code> contains all of our changes so far rebased on top of 9.4's <code>2.34-100</code>,
|
||||
which was still missing the iconv and nscd security fixes, so our addition of those is still relevant.</p>
|
||||
@ -943,7 +954,7 @@ A typical facility is a SUID/SGID/setcap program or a configuration setting of a
|
||||
<span class="md-icon" title="Last update">
|
||||
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M21 13.1c-.1 0-.3.1-.4.2l-1 1 2.1 2.1 1-1c.2-.2.2-.6 0-.8l-1.3-1.3c-.1-.1-.2-.2-.4-.2m-1.9 1.8-6.1 6V23h2.1l6.1-6.1-2.1-2M12.5 7v5.2l4 2.4-1 1L11 13V7h1.5M11 21.9c-5.1-.5-9-4.8-9-9.9C2 6.5 6.5 2 12 2c5.3 0 9.6 4.1 10 9.3-.3-.1-.6-.2-1-.2s-.7.1-1 .2C19.6 7.2 16.2 4 12 4c-4.4 0-8 3.6-8 8 0 4.1 3.1 7.5 7.1 7.9l-.1.2v1.8Z"/></svg>
|
||||
</span>
|
||||
<span class="git-revision-date-localized-plugin git-revision-date-localized-plugin-date">May 20, 2024</span>
|
||||
<span class="git-revision-date-localized-plugin git-revision-date-localized-plugin-date">May 22, 2024</span>
|
||||
</span>
|
||||
|
||||
|
||||
|
@ -780,7 +780,7 @@
|
||||
<h1 id="extra-package-lkrg">Extra package: lkrg<a class="headerlink" href="#extra-package-lkrg" title="Permanent link">¶</a></h1>
|
||||
<h2 id="el9">EL9<a class="headerlink" href="#el9" title="Permanent link">¶</a></h2>
|
||||
<ul>
|
||||
<li>Version <code>0.9.8-1.el9_3.security</code></li>
|
||||
<li>Version <code>0.9.8-2.el9_4.security</code></li>
|
||||
<li>Based on upstream version <code>0.9.8</code></li>
|
||||
</ul>
|
||||
<h2 id="el8">EL8<a class="headerlink" href="#el8" title="Permanent link">¶</a></h2>
|
||||
@ -792,7 +792,7 @@
|
||||
<p>LKRG, or Linux Kernel Runtime Guard, is a kernel module that performs runtime integrity checking of the Linux kernel and detection of security vulnerability exploits against the kernel.</p>
|
||||
<p>More information is available on the <a href="https://lkrg.org">LKRG homepage</a> and in the documentation files included in the package.</p>
|
||||
<h3 id="usage-in-rocky-linux">Usage in Rocky Linux<a class="headerlink" href="#usage-in-rocky-linux" title="Permanent link">¶</a></h3>
|
||||
<p>Due to EL's kABI stability and the <code>weak-modules</code> mechanism, which this package uses, the same binary package of LKRG usually works across different kernel revisions/builds within the same EL minor release (e.g., 9.3). Once there's a new minor release (e.g., 9.3 is upgraded to 9.4), we'll provide a new build of LKRG accordingly.</p>
|
||||
<p>Due to EL's kABI stability and the <code>weak-modules</code> mechanism, which this package uses, the same binary package of LKRG usually works across different kernel revisions/builds within the same EL minor release (e.g., 9.4). Once there's a new minor release (e.g., 9.4 is upgraded to 9.5), we'll provide a new build of LKRG accordingly.</p>
|
||||
<p>Installing the package does not automatically start LKRG nor enable it to start on system bootup. To start LKRG please use:</p>
|
||||
<div class="highlight"><pre><span></span><code>systemctl start lkrg
|
||||
</code></pre></div>
|
||||
@ -800,13 +800,19 @@
|
||||
<div class="highlight"><pre><span></span><code>systemctl enable lkrg
|
||||
</code></pre></div>
|
||||
<h3 id="testing-and-recovery">Testing and recovery<a class="headerlink" href="#testing-and-recovery" title="Permanent link">¶</a></h3>
|
||||
<p>Although the current package passed our own testing (on 9.3 and 8.9), we recommend that you only enable LKRG to start on system bootup after you've tested it for a while to ensure its compatibility with your system. If you nevertheless run into a boot time issue with LKRG later, you can disable it with the <code>nolkrg</code> kernel command-line option.</p>
|
||||
<p>Although the current package passed our own testing (on 9.4 and 8.9), we recommend that you only enable LKRG to start on system bootup after you've tested it for a while to ensure its compatibility with your system. If you nevertheless run into a boot time issue with LKRG later, you can disable it with the <code>nolkrg</code> kernel command-line option.</p>
|
||||
<h3 id="remote-logging">Remote logging<a class="headerlink" href="#remote-logging" title="Permanent link">¶</a></h3>
|
||||
<p>LKRG includes a remote kernel message logging capability.
|
||||
The corresponding userspace tools are found in the <code>lkrg-logger</code> sub-package.
|
||||
Documentation is also included in there, in <code>/usr/share/doc/lkrg-logger/LOGGING</code>.</p>
|
||||
<h3 id="change-log">Change log<a class="headerlink" href="#change-log" title="Permanent link">¶</a></h3>
|
||||
<div class="highlight"><pre><span></span><code>* Tue Feb 27 2024 Solar Designer <solar@openwall.com> 0.9.8-1
|
||||
<div class="highlight"><pre><span></span><code>* Wed May 22 2024 Solar Designer <solar@openwall.com> 0.9.8-2
|
||||
- Pass direct kernel-devel's build path into make
|
||||
- Drop "BuildRequires: kernel" as we no longer need /lib/modules/*/build
|
||||
- Add "BuildRequires: systemd" for the _unitdir RPM macro (apparently this was
|
||||
previously an indirect dependency via the kernel package)
|
||||
|
||||
* Tue Feb 27 2024 Solar Designer <solar@openwall.com> 0.9.8-1
|
||||
- Update to 0.9.8
|
||||
- Add logger sub-package
|
||||
- Mark the sysctl configuration file config(noreplace)
|
||||
@ -853,7 +859,7 @@ kernel version.
|
||||
<span class="md-icon" title="Last update">
|
||||
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M21 13.1c-.1 0-.3.1-.4.2l-1 1 2.1 2.1 1-1c.2-.2.2-.6 0-.8l-1.3-1.3c-.1-.1-.2-.2-.4-.2m-1.9 1.8-6.1 6V23h2.1l6.1-6.1-2.1-2M12.5 7v5.2l4 2.4-1 1L11 13V7h1.5M11 21.9c-5.1-.5-9-4.8-9-9.9C2 6.5 6.5 2 12 2c5.3 0 9.6 4.1 10 9.3-.3-.1-.6-.2-1-.2s-.7.1-1 .2C19.6 7.2 16.2 4 12 4c-4.4 0-8 3.6-8 8 0 4.1 3.1 7.5 7.1 7.9l-.1.2v1.8Z"/></svg>
|
||||
</span>
|
||||
<span class="git-revision-date-localized-plugin git-revision-date-localized-plugin-date">February 28, 2024</span>
|
||||
<span class="git-revision-date-localized-plugin git-revision-date-localized-plugin-date">May 22, 2024</span>
|
||||
</span>
|
||||
|
||||
|
||||
|
File diff suppressed because one or more lines are too long
Loading…
Reference in New Issue
Block a user