Alexander Popov, a Linux Kernel Developer and Security Researcher, has announced a significant update to the kernel-hardening-checker tool. The tool now supports checking Linux kernel security parameters for RISC-V, in addition to X86_64, ARM64, X86_32, and ARM.
🔗 Reference: kernel-hardening-checker on LinkedIn
You Should Know:
1. What is Kernel-Hardening-Checker?
This tool helps security researchers and system administrators verify whether a Linux kernel is properly hardened against common exploits. It checks various security configurations, including:
– KASLR (Kernel Address Space Layout Randomization)
– SMEP/SMAP (Supervisor Mode Execution/Access Prevention)
– Stack Protector
– Kernel Module Signing Enforcement
2. How to Use kernel-hardening-checker
Installation & Basic Usage
```bash
git clone https://github.com/a13xp0p0v/kernel-hardening-checker
cd kernel-hardening-checker
# Print the recommended settings for RISC-V
./bin/kernel-hardening-checker -p RISCV
# Print the recommended settings for x86_64
./bin/kernel-hardening-checker -p X86_64
```
Checking Kernel Config
```bash
# Extract kernel config from a running system
zcat /proc/config.gz > .config
# Check it; the architecture is detected from the config file
./bin/kernel-hardening-checker -c .config
```
Verifying Kernel Security Parameters
```bash
# Check if KASLR is enabled
grep "CONFIG_RANDOMIZE_BASE=y" .config
# Check SMEP/SMAP support
grep "CONFIG_X86_SMAP=y" .config
```
3. Hardening a Linux Kernel
To manually harden your kernel, consider these configs:
```
# Enable Kernel Stack Protector
CONFIG_STACKPROTECTOR=y
CONFIG_STACKPROTECTOR_STRONG=y
# Enable Kernel Module Signing
CONFIG_MODULE_SIG=y
CONFIG_MODULE_SIG_FORCE=y
# Enable KASLR
CONFIG_RANDOMIZE_BASE=y
```
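A plain `grep` for `CONFIG_...=y` cannot tell an explicitly disabled option from a missing one, and it misses boot-time overrides. The following is an added example, not code from kernel-hardening-checker or the original post: it audits the options listed above and, going beyond that list, flags `nokaslr` on the kernel command line. The names `REQUIRED`, `parse_kconfig`, `audit` and the sample inputs are assumptions made for illustration.

```python
import re

# Options the page's section 3 recommends enabling.
REQUIRED = ["CONFIG_STACKPROTECTOR", "CONFIG_STACKPROTECTOR_STRONG",
            "CONFIG_MODULE_SIG", "CONFIG_MODULE_SIG_FORCE",
            "CONFIG_RANDOMIZE_BASE"]
_SET = re.compile(r"^(CONFIG_\w+)=(.*)$")
_UNSET = re.compile(r"^# (CONFIG_\w+) is not set$")

def parse_kconfig(text):
    """Map option -> value; '# CONFIG_X is not set' lines map to 'n'."""
    opts = {}
    for line in map(str.strip, text.splitlines()):
        if m := _SET.match(line):
            opts[m.group(1)] = m.group(2).strip('"')
        elif m := _UNSET.match(line):
            opts[m.group(1)] = "n"
    return opts

def audit(kconfig_text, cmdline=""):
    """Return {option: 'OK' or 'FAIL: reason'} for the REQUIRED options."""
    opts = parse_kconfig(kconfig_text)
    report = {}
    for name in REQUIRED:
        value = opts.get(name)
        if value is None:
            report[name] = "FAIL: not found in config"
        elif value != "y":
            report[name] = f"FAIL: set to {value}"
        else:
            report[name] = "OK"
    # KASLR that is compiled in can still be turned off at boot by "nokaslr".
    if report["CONFIG_RANDOMIZE_BASE"] == "OK" and "nokaslr" in cmdline.split():
        report["CONFIG_RANDOMIZE_BASE"] = "FAIL: nokaslr on kernel cmdline"
    return report

# Constructed sample input, not captured from a real system.
SAMPLE_CONFIG = """\
CONFIG_STACKPROTECTOR=y
# CONFIG_STACKPROTECTOR_STRONG is not set
CONFIG_MODULE_SIG=y
CONFIG_RANDOMIZE_BASE=y
"""
SAMPLE_CMDLINE = "root=/dev/sda1 ro quiet nokaslr"

if __name__ == "__main__":
    for opt, status in audit(SAMPLE_CONFIG, SAMPLE_CMDLINE).items():
        print(f"{opt:30} {status}")
```

On a live system, pass the output of `zcat /proc/config.gz` and the contents of `/proc/cmdline` to `audit()` instead of the sample strings.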
4. RISC-V Specific Hardening
Since RISC-V is gaining adoption, ensure:
```
# For Secure Boot
CONFIG_RISCV_SBI=y
# Physical Memory Protection
CONFIG_RISCV_PMP=y
# For 64-bit Virtual Memory
CONFIG_RISCV_SV39=y
```
What Undercode Say
The addition of RISC-V support in `kernel-hardening-checker` is a crucial step towards securing modern embedded and high-performance systems. Given the rise of RISC-V in IoT, edge computing, and custom silicon, ensuring kernel security is more important than ever.
Additional Linux Security Commands
```bash
# Check Kernel Version & Hardening
uname -a
cat /proc/cmdline | grep kaslr
# Verify Kernel Modules
lsmod
modinfo <module_name>
# Check SMEP/SMAP in x86 (-E is needed for the | alternation)
dmesg | grep -E "SMEP|SMAP"
# Audit Kernel Security
sudo apt install auditd
sudo auditctl -l
```
Windows Equivalent (For Comparison)
```powershell
# Check Windows Kernel Protections
Get-ComputerInfo | Select-Object OsHardwareAbstractionLayer
# PowerShell has no grep; Select-String does the filtering
bcdedit | Select-String "nx"
```
Expected Output:
A detailed report from `kernel-hardening-checker` will display:
- Enabled security features
- Missing protections
- Recommendations for hardening
Stay updated with kernel security trends and contribute to open-source tools like this to enhance system resilience against exploits.
Prediction
As RISC-V adoption grows, more security tools will incorporate RISC-V-specific checks, leading to standardized hardening practices across architectures. Expect increased focus on firmware security (like OpenTitan) alongside kernel protections.
References:
Reported By: A13xp0p0v Big – Hackers Feeds