Overview

Protection mechanism: Linux Kernel Runtime Guard (LKRG) kernel module

Linux Kernel Runtime Guard (LKRG) is a loadable kernel module that performs runtime integrity checking of the Linux kernel and detection of security vulnerability exploits against the kernel.

To verify if LKRG is installed, one can run: lsmod | grep lkrg

However, LKRG can be hidden using the lkrg.hide=1 sysctl parameter.

In the event that LKRG is hidden, it's still possible to detect the module by checking for the presence of the associated sysctl parameters with: test -d /proc/sys/lkrg && echo true.

For more information, see:

LKRG [Openwall Community Wiki]
Linux Kernel Runtime Guard (LKRG) in a nutshell (OSTconf 2020)

Protection mechanism analysis

Bypasses:

https://github.com/milabs/lkrg-bypass

Associated vulnerabilities

TBD

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

lkrg.md

lkrg.md

Overview

Protection mechanism analysis

Associated vulnerabilities

Files

lkrg.md

Latest commit

History

lkrg.md

File metadata and controls

Overview

Protection mechanism analysis

Associated vulnerabilities