Linux Kernel Runtime Guard hits 1.0.0 with major updates and broader support
The Linux Kernel Runtime Guard (LKRG) is a kernel module that checks the Linux kernel while it’s running. It looks for signs of tampering and tries to catch attempts to exploit security flaws in the kernel. Because it’s a module and not a patch, LKRG can run on many different kernels without any changes to them. It works with versions going back to RHEL7 and its variants, as well as the latest mainline and distribution … More → The post Linux Kernel Runtime Guard hits 1.0.0 with major updates and broader support appeared first on Help Net Security.
https://www.helpnetsecurity.com/2025/09/08/linux-kernel-runtime-guard-lkrg-1-0-0-released/Open linkView original on infosec.pub
What happens when it detects tempering? Does it cause one syscall to fail, or a kernel panic?
See slides #8 and #10 on this presentation: https://download.openwall.net/pub/projects/lkrg/presentations/OSTconf2020-LKRG-In-A-Nutshell.pdf -> Kernel Panic (milder response would be ineffective) and killing the task.