Linux - Modules
The word "Module" can mean different things in Linux.
Linux Kernel Modules (LKM)
A Linux kernel module is a piece of compiled binary code that is inserted directly into the Linux kernel, running at ring 0, the lowest and least protected ring of execution in the x86–64 processor.
- can load / unload on the fly using
modprobe
(no need to reboot); often used for devices, file systems, system calls, etc. - kernel module suffix:
.ko
(Kernel Object). - location:
/lib/modules
or/usr/lib/modules/
. - use
lsmod
to list installed modules, or check/proc/modules
; - use
modinfo XXX
to list the attributes of a Kernel module. - examples: firmware and device drivers.
Linux differ from macOS and Windows: it includes drivers at the kernel level.
Commands:
- Install:
$ insmod <module>
(does not resolve dependencies) or$ modprobe <module>
(more powerful thaninsmod
) - Remove:
$ rmmod <module>
- List:
$ lsmod
- Rebuild module dependancy database using
/lib/modules/$(uname -r)/modules.dep
:$ depmod -a
- Info:
$ modinfo /path/to/module.ko
- List all available modules:
ls -R /lib/modules/$(uname -r)
Linux Security Modules (LSM)
Linux Security Modules (LSM) are NOT loadable kernel modules. They are selectable at build-time via CONFIG_DEFAULT_SECURITY
and can be overridden at boot-time.
Examples: SELinux (Redhat), AppArmor (Ubuntu).
SELinux
SELinux: an implementation of Mandatory Access Control (MAC)
As contrasted to the standard Unix model of Discretionary Access Control (DAC).
SELinux comes installed by default on Red Hat distributions.
To check your SELinux mode, run sestatus
and check the output. For example:
$ sestatus
SELinux status: disabled
$ sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: error (Success)
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 28
concepts:
- Multi-Level Security (MLS)
- Multi-Category Security (MCS)
Permissive vs Enforcing Mode:
- Permissive Mode: SELinux will log access control infringements but will not enforce them
- Enforcing Mode: enforce!
AppArmor
Ubuntu Server's Mandatory Access Control (MAC) system. Equivelant to Redhat's SELinux.
Linux Pluggable Authentication Modules (PAM)
pam - Pluggable Authentication Modules for Linux.
PAM configuration files are stored in /etc/pam
.