The officially official Devuan Forum!

You are not logged in.

#1 2021-04-13 02:55:05

Eaglet
Member
From: Россия
Registered: 2018-06-24
Posts: 38  
Website

Using LKRG module with Devuan Linux

Hello, comrades!

I want to share with you the intricacies of using the LKRG module in Devuan Linux with DE (Gnome, KDE, LXDE & etc.).
You can find more information about this security module at the link: https://www.openwall.com/lkrg/

To start using this module, you need to download the sources and compile the module itself using the command: "make -j8". Next, install this module using the command: "make install".
Since the installer of this module is intended for Linux systems using systemd, then during installation you will be told about an installation error. It is worth paying attention to this only if you want this module to be loaded at the start of the operating system, but when used on systems with DE (Gnome, KDE, LXDE & etc.) I do not advise you to do this, because . false positives are possible when starting DE. In order for this module to start working at DE startup, you need to create an executable file in the user's working directory, for example, lkrg.sh with the following content:

#!/bin/bash
sleep 10
sudo /sbin/modprobe p_lkrg p_init_log_level=3
sleep 3
sudo /sbin/sysctl lkrg.clean_message=0
exit 0

And add the following information to the "/etc/sudoers" file:

your_user ALL = NOPASSWD: /sbin/sysctl lkrg.clean_message=0,/sbin/modprobe p_lkrg p_init_log_level=3

After that, the lkrg module will start running every time a user logs into DE.

Offline

#2 2021-04-13 14:30:33

Head_on_a_Stick
Member
From: London
Registered: 2019-03-24
Posts: 1,597  
Website

Re: Using LKRG module with Devuan Linux

Whonix has a DKMS .deb package for LKRG:

https://www.whonix.org/wiki/Linux_Kerne … ource_Code

Their current version is 0.8.1 but the git repository has a debian/watch file so it can be updated with uscan.

The .deb only supplies the systemd unit files but the same effect can be achieved by adding this line to /etc/modules (or in it's own file under /etc/modules-load.d/):

p_lkrg

And also add this line to /etc/sysctl.conf (or in it's own file under /etc/sysctl.conf.d/):

lkrg.clean_message = 0

No need for lkrg.sh or any additions to /etc/sudoers wink

Last edited by Head_on_a_Stick (2021-04-13 14:31:39)


Black Lives Matter

Offline

#3 2021-04-13 16:22:16

Eaglet
Member
From: Россия
Registered: 2018-06-24
Posts: 38  
Website

Re: Using LKRG module with Devuan Linux

Head_on_a_Stick wrote:

Whonix has a DKMS .deb package for LKRG:

https://www.whonix.org/wiki/Linux_Kerne … ource_Code

Their current version is 0.8.1 but the git repository has a debian/watch file so it can be updated with uscan.

The .deb only supplies the systemd unit files but the same effect can be achieved by adding this line to /etc/modules (or in it's own file under /etc/modules-load.d/):

p_lkrg

And also add this line to /etc/sysctl.conf (or in it's own file under /etc/sysctl.conf.d/):

lkrg.clean_message = 0

No need for lkrg.sh or any additions to /etc/sudoers wink

My post is about integrating the "lkrg" module with DE (Gnome, KDE, XFCE & etc.), not for use on servers and other systems. If you follow your advice, then some of the DE functionality will not work!

Offline

#4 2021-04-13 16:39:10

Head_on_a_Stick
Member
From: London
Registered: 2019-03-24
Posts: 1,597  
Website

Re: Using LKRG module with Devuan Linux

Which functionality will not work?

My suggested configuration files load the module and apply the sysctl setting at boot so they do exactly what your suggested script does.


Black Lives Matter

Offline

#5 2021-04-13 17:15:18

Eaglet
Member
From: Россия
Registered: 2018-06-24
Posts: 38  
Website

Re: Using LKRG module with Devuan Linux

Head_on_a_Stick wrote:

Which functionality will not work?

My suggested configuration files load the module and apply the sysctl setting at boot so they do exactly what your suggested script does.

For example, removable drives (Flash, SD-card) are not mounted when the lkrg module is loaded at system boot, and not when DE starts.

Offline

#6 2021-04-13 19:29:34

Head_on_a_Stick
Member
From: London
Registered: 2019-03-24
Posts: 1,597  
Website

Re: Using LKRG module with Devuan Linux

Well the systemd unit files supplied by the upstream developers load the module at boot (ie, before the DE starts) so I presume that is the expected behaviour.


Black Lives Matter

Offline

#7 2021-04-13 20:51:09

Eaglet
Member
From: Россия
Registered: 2018-06-24
Posts: 38  
Website

Re: Using LKRG module with Devuan Linux

Head_on_a_Stick wrote:

Well the systemd unit files supplied by the upstream developers load the module at boot (ie, before the DE starts) so I presume that is the expected behaviour.

Yes, I agree with you.

Offline

#8 2021-04-14 16:58:25

chris2be8
Member
Registered: 2018-08-11
Posts: 115  

Re: Using LKRG module with Devuan Linux

Eaglet wrote:

After that, the lkrg module will start running every time a user logs into DE.

What would happen if a user types ctrl-alt-F1 and logged on to a text console? Or logged on from another system via SSH etc? You have to look for ways round any security checks.

Chris

Offline

#9 2021-04-14 22:57:44

Eaglet
Member
From: Россия
Registered: 2018-06-24
Posts: 38  
Website

Re: Using LKRG module with Devuan Linux

chris2be8 wrote:
Eaglet wrote:

After that, the lkrg module will start running every time a user logs into DE.

What would happen if a user types ctrl-alt-F1 and logged on to a text console? Or logged on from another system via SSH etc? You have to look for ways round any security checks.

Chris

I am aware of this. That is why I proposed the solution I described.

Offline

Board footer