{"id":15517287,"url":"https://github.com/skx/linux-security-modules","last_synced_at":"2025-04-23T03:51:12.155Z","repository":{"id":54429217,"uuid":"95739638","full_name":"skx/linux-security-modules","owner":"skx","description":"A place to store my toy linux-security modules.","archived":false,"fork":false,"pushed_at":"2021-02-18T17:56:59.000Z","size":56,"stargazers_count":92,"open_issues_count":0,"forks_count":18,"subscribers_count":9,"default_branch":"master","last_synced_at":"2025-04-17T19:16:52.281Z","etag":null,"topics":["kernel","linux","linux-security-module","lsm","security"],"latest_commit_sha":null,"homepage":null,"language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/skx.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"security/Kconfig","support":null},"funding":{"github":"skx","custom":"https://steve.fi/donate/"}},"created_at":"2017-06-29T04:49:31.000Z","updated_at":"2025-01-16T04:10:02.000Z","dependencies_parsed_at":"2022-08-13T15:20:41.817Z","dependency_job_id":null,"html_url":"https://github.com/skx/linux-security-modules","commit_stats":null,"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/skx%2Flinux-security-modules","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/skx%2Flinux-security-modules/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/skx%2Flinux-security-modules/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/skx%2Flinux-security-modules/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/skx","
download_url":"https://codeload.github.com/skx/linux-security-modules/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":250366685,"owners_count":21418768,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["kernel","linux","linux-security-module","lsm","security"],"created_at":"2024-10-02T10:12:21.143Z","updated_at":"2025-04-23T03:51:12.139Z","avatar_url":"https://github.com/skx.png","language":"C","readme":"# Linux Security Modules\n\nThis repository contains a small collection of Linux security modules, which were written as a part of a learning/experimentation process.\n\nThe code present has been compiled and tested against the most recent long-term kernel; at the time of writing that is __5.10.17__.\n\nIf you want to port this code to a newer kernel, in the future, then the following bug-report is a good overview of how I approach things:\n\n* https://github.com/skx/linux-security-modules/issues/13\n\n\n\n## Included Modules\n\nThere are three modules contained within this repository, two of which are simple tests and one of which is more \"real\".\n\nThe only real/useful module is:\n\n* [can-exec](security/can-exec)\n   * The user-space helper `/sbin/can-exec` is invoked to determine whether a user can execute a specific command.\n   * Because user-space controls execution, policies can be written/updated dynamically.\n\nThe following two modules were written as I started the learning-process, and demonstrate creating simple standalone modules, albeit ones which do not actually provide any significant security 
benefit:\n\n* [whitelist](security/whitelist/)\n   * Only allow execution of binaries which have a specific `xattr` present.\n* [hashcheck](security/hashcheck/)\n   * Only allow execution of commands with an `xattr` containing a valid SHA1sum of the binary.\n   * This builds upon the previous module.\n\n\n\n\n## Compilation\n\nCopy the contents of `security/` into your local Kernel-tree, and run `make menuconfig` to enable the appropriate options.\n\nFurther notes are available within the appropriate module subdirectories.\n\nFor a Debian GNU/Linux host, these are the kernel build-dependencies you'll need to install, if they're not already present:\n\n      # apt-get install flex bison bc libelf-dev libssl-dev \\\n                        build-essential make libncurses5-dev \\\n                        git-core\n\n\n\n### Tracking Kernel Changes\n\nAs new kernels are released, it is possible that the two files `security/Kconfig` \u0026 `security/Makefile` might need resyncing with the base versions installed with the Linux source-tree.\n\nYou should be able to update them just by running `diff` and copying any lines referring to the modules `CAN_EXEC`, `HASH_CHECK`, \u0026 `WHITELIST` into place.\n","funding_links":["https://github.com/sponsors/skx","https://steve.fi/donate/"],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fskx%2Flinux-security-modules","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fskx%2Flinux-security-modules","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fskx%2Flinux-security-modules/lists"}