We value your privacy

We use cookies to enhance your browsing experience, serve personalized ads or content, and analyze our traffic. By clicking "Accept All", you consent to our use of cookies.

Customize Consent Preferences

We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.

The cookies that are categorized as "Necessary" are stored on your browser as they are essential for enabling the basic functionalities of the site. ... 

Always Active

Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.

No cookies to display.

Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.

No cookies to display.

Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.

No cookies to display.

Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.

No cookies to display.

Advertisement cookies are used to provide visitors with customized advertisements based on the pages you visited previously and to analyze the effectiveness of the ad campaigns.

No cookies to display.

Zarhus OS: Base OS - Yocto/ Security: Reduce kernel attack surface

Zarhus OS: Base OS – Yocto/ Security: Reduce kernel attack surface

To enhance system security, reducing the kernel attack surface is crucial. This involves applying specific configurations that prevent the system from booting from unused filesystems and disable any kernel debugging support. These measures help to minimize potential vulnerabilities within the kernel environment.

Features:

  • Secure kernel configuration which don’t have:
    • debugfs
    • unused filesystems
    • /proc/config.gz exposed
    • ftrace support
    • other debug switches like CONFIG_MAGIC_SYSRQ, CONFIG_BUG, CONFIG_*_DEBUG etc.
  • Protective kernel configuration with:
    • CONFIG_CMDLINE_BOOL – enables the kernel command line to be hardcoded directly into the kernel
    • CONFIG_DEBUG_STACKOVERFLOW – enables messages to be printed if free stack space drops below a certain limit

Inputs

  • What types of filesystems are required at the target image eg.:
    • network filesystems
    • base filesystem eg. ext4
    • support for specific filesystem
    • What kind of kernel modules are required at the target image

Deliverables

  • Report showing the differences between the base and changed Linux kernel with reduced attack surface (generic, Copyright 3mdeb, MIT license)

Documentation:

For pricing, please contact us by clicking the button below.

Category:

Related products

1
Your Cart
Subtotal:
850,00 
CHECKOUT
BEST SELLING PRODUCTS
SDWire
SDWire
89,00  (ex. VAT)
Dasharo (coreboot+UEFI) Pro Package for Desktop - 1 year
Dasharo (coreboot+UEFI) Pro Package for Desktop - 1 year
60,00  (ex. VAT)
Dasharo (coreboot+UEFI) Pro Package for Network Appliance - 1 year
Dasharo (coreboot+UEFI) Pro Package for Network Appliance - 1 year
46,00  (ex. VAT)
CH341A Programmer Kit w/ WSON8 probe
CH341A Programmer Kit w/ WSON8 probe
63,00  (ex. VAT)
MSI PRO Z790-P WiFi DDR5 motherboard with Dasharo (coreboot+UEFI) Pro Package for Desktop
MSI PRO Z790-P WiFi DDR5 motherboard with Dasharo (coreboot+UEFI) Pro Package for Desktop
290,00 460,00  (ex. VAT)