Linux
    Overview
    Process
    Sockets
    File
    File System Hierarchy
    System Calls
    Device
    systemd
    Service
    namespace
    Memory
    Modules
    Signals
    System Monitoring
    Desktop Environment
    Users and Groups
    Logs
    Network
    Terminal
    GNU

Linux - Modules

Updated: 2022-08-06

The word "Module" can mean different things in Linux.

Linux Kernel Modules (LKM)

A Linux kernel module is a piece of compiled binary code that is inserted directly into the Linux kernel, running at ring 0, the lowest and least protected ring of execution in the x86–64 processor.

  • can load / unload on the fly using modprobe (no need to reboot); often used for devices, file systems, system calls, etc.
  • kernel module suffix: .ko (Kernel Object).
  • location: /lib/modules or /usr/lib/modules/.
  • use lsmod to list installed modules, or check /proc/modules;
  • use modinfo XXX to list the attributes of a Kernel module.
  • examples: firmware and device drivers.

Linux differ from macOS and Windows: it includes drivers at the kernel level.

Commands:

  • Install: $ insmod <module> (does not resolve dependencies) or $ modprobe <module> (more powerful than insmod)
  • Remove: $ rmmod <module>
  • List: $ lsmod
  • Rebuild module dependancy database using /lib/modules/$(uname -r)/modules.dep: $ depmod -a
  • Info: $ modinfo /path/to/module.ko
  • List all available modules: ls -R /lib/modules/$(uname -r)

Linux Security Modules (LSM)

Linux Security Modules (LSM) are NOT loadable kernel modules. They are selectable at build-time via CONFIG_DEFAULT_SECURITY and can be overridden at boot-time.

SELinux

SELinux: an implementation of Mandatory Access Control (MAC)

As contrasted to the standard Unix model of Discretionary Access Control (DAC).

SELinux comes installed by default on Red Hat distributions.

To check your SELinux mode, run sestatus and check the output. For example:

$ sestatus
SELinux status:                 disabled

$ sestatus
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing

Mode from config file:          error (Success)
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      28

concepts:

  • Multi-Level Security (MLS)
  • Multi-Category Security (MCS)

Permissive vs Enforcing Mode:

  • Permissive Mode: SELinux will log access control infringements but will not enforce them
  • Enforcing Mode: enforce!

Linux Pluggable Authentication Modules (PAM)

pam - Pluggable Authentication Modules for Linux

PAM configuration files are stored in /etc/pam