* Package name : lkrg Version : 0.7 Upstream Author : Adam 'pi3' Zabrocki * URL : https://www.openwall.com/lkrg/ * License : GPL-2 Programming Lang: C Description : Linux Kernel Runtime Guard A loadable kernel module that performs runtime integrity checking of the Linux kernel and detection of security vulnerability exploits against the kernel. As controversial as this concept is, LKRG attempts to post-detect and hopefully promptly respond to unauthorized modifications to the running Linux kernel (integrity checking) or to credentials (such as user IDs) of the running processes (exploit detection). For process credentials, LKRG attempts to detect the exploit and take action before the kernel would grant the process access (such as open a file) based on the unauthorized credentials.
Linux Kernel Runtime Guard (LKRG) protects the kernel. It provides security through diversity. Similar to running an uncommon operating system (kernel) would. It renders whole classes of kernel exploits ineffective. Makes other exploits less reliable and more difficult to write (see features and security). LKRG was developed by a security professional with review from other high profile security professionals (see authorship). - https://www.whonix.org/wiki/Linux_Kernel_Runtime_Guard_LKRG#Features - https://www.whonix.org/wiki/Linux_Kernel_Runtime_Guard_LKRG#Security - https://www.whonix.org/wiki/Linux_Kernel_Runtime_Guard_LKRG#Authorship Packaging completed. Lintian --pedantic warning free. Build using cowbuilder successful. Module will be compiled on machine were installed using DKMS. I am not a Debian Developer (DD). This needs a DD to be uploaded to packages.debian.org. The source code, /debian folder can be found here: https://github.com/Whonix/lkrg The website for the LKRG Debian Package Fork can be found here: https://www.whonix.org/wiki/Linux_Kernel_Runtime_Guard_LKRG Build instructions with software signature verification: https://www.whonix.org/wiki/Linux_Kernel_Runtime_Guard_LKRG/Build_Debian_Package_from_Source_Code Simpler build instructions without software signature verification: https://www.whonix.org/wiki/Linux_Kernel_Runtime_Guard_LKRG/Build_Debian_Package_from_Source_Code/Easy Other references: - development discussion - LKRG compilation hardening flags, checksec, hardening-check - LKRG packagers / downstream wishlist (signed git commits, signed git tags, version numbers, logo) - module loading / systemd bug report / suggestion - LKRG kills VirtualBox host VMs - announcement of this LKRG Debian package on upstream LKRG mailing list https://forums.whonix.org/t/linux-kernel-runtime-guard-lkrg-linux-kernel-runtime-integrity-checking-and-exploit-detection/8477 https://www.openwall.com/lists/lkrg-users/2019/11/18/3 https://www.openwall.com/lists/lkrg-users/2019/11/13/5 https://www.openwall.com/lists/lkrg-users/2019/11/10/2 https://www.openwall.com/lists/lkrg-users/2019/11/18/1 https://www.openwall.com/lists/lkrg-users/2019/11/18/2
If you are still looking for someone that can upload this for you, file a bug against sponsorship-requests and block this bug by that one.
If you are still looking for someone that can upload this for you, file a bug against sponsorship-requests and block this bug by that one.
Talked to upstream about stable security support. To make Debian stable distribution support possible, upstream offered to backport security patches from newer versions to whatever version is frozen in Debian stable should that be required. Mariusz Zaborski oshogbo@vexillium.org would do that. Kind regards, Patrick
I think that's a great moment to package that because of the release of the version 1.0. Maybe a couple packages, one lkrg-dkms to the kernel module and another one lkrg-service, or something like that, to the systemd service.