Vuln kernel loadable modules

From Atomicorp Wiki
Jump to: navigation, search

[edit] Kernel Module loading is allowed

This vulnerability means that Kernel Module loading is allowed. Linux kernels can be modified dynamically to allow what are called kernel modules to be loaded on demand. This can allow the system to load kernel capabilities when an application or user requires them. This also allows an attacker to install a kernel module rootkit, and ASL can prevent this from occurring. This vulnerability means that the kernel can be modified.

If you see this vulnerability it is caused by:

1) You are not running the ASL kernel

2) Or, you have disabled this protection in the ASL kernel.

[edit] Output from scanner

If the ASL vulnerability scanner is producing this output:

Runtime module loading fixed

It means one of two things:

1) You are using the ASL kernel, and you've configured ASL to disallow kernel module loading, but have not rebooted the server.

2) You are not using the ASL. If you are not using the ASL kernel, you can not fix this vulnerability. The solution is to use the ASL kernel.

[edit] Next Steps

First check to see if you are using the ASL kernel by going to this link.

If you are not running the ASL kernel:

Please reboot your system into the ASL kernel.

Note: If you have a VPS system, you will not have your own kernel. Please install ASL on the host server.

If you are running the ASL kernel:

Log into the ASL GUI, click on Configuration and select the ASL configuration menu option. This will open the ASL configuration screen. Scroll down to ALLOW_kmod_loading and set this to "no" then click update. You will need to reboot your server for this setting to be implemented on the server.

Personal tools