Zarhus OS: Base OS – Yocto / Security: Reduce kernel attack surface
To enhance system security, reducing the kernel attack surface is crucial. This involves applying specific configurations that prevent the system from booting from unused filesystems and disable any kernel debugging support. These measures help to minimize potential vulnerabilities within the kernel environment.
Features:
- Secure kernel configuration that does not have:
  - debugfs
  - unused filesystems
  - /proc/config.gz exposed
  - ftrace support
  - other debug switches like CONFIG_MAGIC_SYSRQ, CONFIG_BUG, CONFIG_*_DEBUG, etc.
- Protective kernel configuration with:
  - CONFIG_CMDLINE_BOOL – enables the kernel command line to be hardcoded directly into the kernel
  - CONFIG_DEBUG_STACKOVERFLOW – enables messages to be printed if free stack space drops below a certain limit
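An added example, not 3mdeb's or Zarhus OS's own tooling: a small Python check that reads a kernel .config and reports which of the options listed above are still enabled or missing. Mapping debugfs, /proc/config.gz and ftrace to CONFIG_DEBUG_FS, CONFIG_IKCONFIG_PROC and CONFIG_FTRACE is this example's assumption, and the sample config is constructed.

```python
import fnmatch

# Symbols that should be off. The feature-to-symbol mapping for debugfs,
# /proc/config.gz and ftrace is this example's assumption.
FORBIDDEN = [
    "CONFIG_DEBUG_FS",       # debugfs
    "CONFIG_IKCONFIG_PROC",  # /proc/config.gz
    "CONFIG_FTRACE",         # ftrace support
    "CONFIG_MAGIC_SYSRQ",
    "CONFIG_BUG",
    "CONFIG_*_DEBUG",        # wildcard, as written in the feature list
]
# Symbols that should be on.
REQUIRED = ["CONFIG_CMDLINE_BOOL", "CONFIG_DEBUG_STACKOVERFLOW"]

def parse_config(text):
    """Return {symbol: value} for every option that is set in a .config."""
    enabled = {}
    for line in text.splitlines():
        line = line.strip()
        # "# CONFIG_FOO is not set" and other comments count as disabled.
        if not line.startswith("CONFIG_") or "=" not in line:
            continue
        name, value = line.split("=", 1)
        if value != "n":
            enabled[name] = value
    return enabled

def audit(text, forbidden=FORBIDDEN, required=REQUIRED):
    """Return (enabled-but-forbidden, missing-but-required) symbol lists."""
    enabled = parse_config(text)
    bad = sorted(s for s in enabled
                 if any(fnmatch.fnmatchcase(s, pat) for pat in forbidden))
    missing = [s for s in required if s not in enabled]
    return bad, missing

# Constructed sample .config fragment, not taken from any real build.
SAMPLE = """\
CONFIG_EXT4_FS=y
CONFIG_DEBUG_FS=y
# CONFIG_IKCONFIG_PROC is not set
CONFIG_SLUB_DEBUG=y
CONFIG_MAGIC_SYSRQ=y
CONFIG_CMDLINE_BOOL=y
CONFIG_CMDLINE="console=ttyS0 ro"
# CONFIG_DEBUG_STACKOVERFLOW is not set
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Running `audit()` on the .config of both the base and the reduced kernel gives a quick before/after view of these switches.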
Inputs
- What types of filesystems are required in the target image, e.g.:
  - network filesystems
  - base filesystem, e.g. ext4
  - support for specific filesystem
- What kind of kernel modules are required in the target image
Deliverables
- Report showing the differences between the base and changed Linux kernel with reduced attack surface (generic, Copyright 3mdeb, MIT license)
Documentation: