Date: 2025-10-04
Author: Community Contributor (placeholder)
45–90 minutes
- Introduce practical kernel hardening techniques used to reduce attack surface.
- Explain kernel configuration options and runtime mitigations.
- Provide references for further reading and tools.
- Basic understanding of kernel internals and common vulnerabilities (Module 12 earlier lessons).
- Kernel configuration options to enable hardening (e.g., KASLR, module signature enforcement, CONFIG_STRICT_DEVMEM).
- Runtime mitigations: SMEP/SMAP, ASLR, stack canaries, GCC hardening flags (
-fstack-protector-strong). - Using kernel lockdown mode and LSMs (AppArmor/SELinux) to restrict access.
- Minimizing attack surface: disabling unnecessary modules, careful device driver review.
- Audit a small kernel config and list three hardening options to enable and why.
- Research how KASLR works and its limitations.
- Kernel documentation on hardening and secure boot
- Papers on kernel attack surface reduction
Create more concrete examples and config snippets as follow-ups.