security/wiki
8
0
Fork 1
generated from sig_core/wiki-template
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Deployed 1e6477d with MkDocs version: 1.6.0

Browse Source
This commit is contained in:
2024-05-22 20:28:51 +00:00
parent 366e7df8a9
commit d86a02c982
3 changed files with 24 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
news/index.html
View File

@ -322,6 +322,15 @@
</label>
<ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>
<li class="md-nav__item">
<a href="#may-22-2024" class="md-nav__link">
<span class="md-ellipsis">
May 22, 2024
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#may-20-2024" class="md-nav__link">
<span class="md-ellipsis">
@ -872,6 +881,8 @@
<h1 id="news">News<a class="headerlink" href="#news" title="Permanent link">&para;</a></h1>
<p>These are what we consider significant SIG/Security news items, not an exhaustive list of package updates and wiki edits.</p>
<h2 id="may-22-2024">May 22, 2024<a class="headerlink" href="#may-22-2024" title="Permanent link">&para;</a></h2>
<p><a href="../packages/lkrg/">lkrg</a> <code>0.9.8-2.el9_4.security</code> is a rebuild of the Linux Kernel Runtime Guard for EL 9.4.</p>
<h2 id="may-20-2024">May 20, 2024<a class="headerlink" href="#may-20-2024" title="Permanent link">&para;</a></h2>
<p><a href="../packages/glibc/">glibc</a> <code>2.34-100.el9_4.security.0.8</code> contains all of our changes so far rebased on top of 9.4's <code>2.34-100</code>,
which was still missing the iconv and nscd security fixes, so our addition of those is still relevant.</p>
@ -943,7 +954,7 @@ A typical facility is a SUID/SGID/setcap program or a configuration setting of a
<span class="md-icon" title="Last update">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M21 13.1c-.1 0-.3.1-.4.2l-1 1 2.1 2.1 1-1c.2-.2.2-.6 0-.8l-1.3-1.3c-.1-.1-.2-.2-.4-.2m-1.9 1.8-6.1 6V23h2.1l6.1-6.1-2.1-2M12.5 7v5.2l4 2.4-1 1L11 13V7h1.5M11 21.9c-5.1-.5-9-4.8-9-9.9C2 6.5 6.5 2 12 2c5.3 0 9.6 4.1 10 9.3-.3-.1-.6-.2-1-.2s-.7.1-1 .2C19.6 7.2 16.2 4 12 4c-4.4 0-8 3.6-8 8 0 4.1 3.1 7.5 7.1 7.9l-.1.2v1.8Z"/></svg>
</span>
<span class="git-revision-date-localized-plugin git-revision-date-localized-plugin-date">May 20, 2024</span>
<span class="git-revision-date-localized-plugin git-revision-date-localized-plugin-date">May 22, 2024</span>
</span>

16
packages/lkrg/index.html
View File

@ -780,7 +780,7 @@
<h1 id="extra-package-lkrg">Extra package: lkrg<a class="headerlink" href="#extra-package-lkrg" title="Permanent link">&para;</a></h1>
<h2 id="el9">EL9<a class="headerlink" href="#el9" title="Permanent link">&para;</a></h2>
<ul>
<li>Version <code>0.9.8-1.el9_3.security</code></li>
<li>Version <code>0.9.8-2.el9_4.security</code></li>
<li>Based on upstream version <code>0.9.8</code></li>
</ul>
<h2 id="el8">EL8<a class="headerlink" href="#el8" title="Permanent link">&para;</a></h2>
@ -792,7 +792,7 @@
<p>LKRG, or Linux Kernel Runtime Guard, is a kernel module that performs runtime integrity checking of the Linux kernel and detection of security vulnerability exploits against the kernel.</p>
<p>More information is available on the <a href="https://lkrg.org">LKRG homepage</a> and in the documentation files included in the package.</p>
<h3 id="usage-in-rocky-linux">Usage in Rocky Linux<a class="headerlink" href="#usage-in-rocky-linux" title="Permanent link">&para;</a></h3>
<p>Due to EL's kABI stability and the <code>weak-modules</code> mechanism, which this package uses, the same binary package of LKRG usually works across different kernel revisions/builds within the same EL minor release (e.g., 9.3). Once there's a new minor release (e.g., 9.3 is upgraded to 9.4), we'll provide a new build of LKRG accordingly.</p>
<p>Due to EL's kABI stability and the <code>weak-modules</code> mechanism, which this package uses, the same binary package of LKRG usually works across different kernel revisions/builds within the same EL minor release (e.g., 9.4). Once there's a new minor release (e.g., 9.4 is upgraded to 9.5), we'll provide a new build of LKRG accordingly.</p>
<p>Installing the package does not automatically start LKRG nor enable it to start on system bootup. To start LKRG please use:</p>
<div class="highlight"><pre><span></span><code>systemctl start lkrg
</code></pre></div>
@ -800,13 +800,19 @@
<div class="highlight"><pre><span></span><code>systemctl enable lkrg
</code></pre></div>
<h3 id="testing-and-recovery">Testing and recovery<a class="headerlink" href="#testing-and-recovery" title="Permanent link">&para;</a></h3>
<p>Although the current package passed our own testing (on 9.3 and 8.9), we recommend that you only enable LKRG to start on system bootup after you've tested it for a while to ensure its compatibility with your system. If you nevertheless run into a boot time issue with LKRG later, you can disable it with the <code>nolkrg</code> kernel command-line option.</p>
<p>Although the current package passed our own testing (on 9.4 and 8.9), we recommend that you only enable LKRG to start on system bootup after you've tested it for a while to ensure its compatibility with your system. If you nevertheless run into a boot time issue with LKRG later, you can disable it with the <code>nolkrg</code> kernel command-line option.</p>
<h3 id="remote-logging">Remote logging<a class="headerlink" href="#remote-logging" title="Permanent link">&para;</a></h3>
<p>LKRG includes a remote kernel message logging capability.
The corresponding userspace tools are found in the <code>lkrg-logger</code> sub-package.
Documentation is also included in there, in <code>/usr/share/doc/lkrg-logger/LOGGING</code>.</p>
<h3 id="change-log">Change log<a class="headerlink" href="#change-log" title="Permanent link">&para;</a></h3>
<div class="highlight"><pre><span></span><code>* Tue Feb 27 2024 Solar Designer &lt;solar@openwall.com&gt; 0.9.8-1
<div class="highlight"><pre><span></span><code>* Wed May 22 2024 Solar Designer &lt;solar@openwall.com&gt; 0.9.8-2
- Pass direct kernel-devel&#39;s build path into make
- Drop &quot;BuildRequires: kernel&quot; as we no longer need /lib/modules/*/build
- Add &quot;BuildRequires: systemd&quot; for the _unitdir RPM macro (apparently this was
previously an indirect dependency via the kernel package)
* Tue Feb 27 2024 Solar Designer &lt;solar@openwall.com&gt; 0.9.8-1
- Update to 0.9.8
- Add logger sub-package
- Mark the sysctl configuration file config(noreplace)
@ -853,7 +859,7 @@ kernel version.
<span class="md-icon" title="Last update">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M21 13.1c-.1 0-.3.1-.4.2l-1 1 2.1 2.1 1-1c.2-.2.2-.6 0-.8l-1.3-1.3c-.1-.1-.2-.2-.4-.2m-1.9 1.8-6.1 6V23h2.1l6.1-6.1-2.1-2M12.5 7v5.2l4 2.4-1 1L11 13V7h1.5M11 21.9c-5.1-.5-9-4.8-9-9.9C2 6.5 6.5 2 12 2c5.3 0 9.6 4.1 10 9.3-.3-.1-.6-.2-1-.2s-.7.1-1 .2C19.6 7.2 16.2 4 12 4c-4.4 0-8 3.6-8 8 0 4.1 3.1 7.5 7.1 7.9l-.1.2v1.8Z"/></svg>
</span>
<span class="git-revision-date-localized-plugin git-revision-date-localized-plugin-date">February 28, 2024</span>
<span class="git-revision-date-localized-plugin git-revision-date-localized-plugin-date">May 22, 2024</span>
</span>

2
search/search_index.json
View File

File diff suppressed because one or more lines are too long