linode kernel lkms
and chkrootkit told me that my system is perfectly clean excepct for one base
address difference in one file. It suggested I check for LKM trojans, to be on the safe side.
All my inquiries into my lkm situation using modprobe return:
modprobe: can't open dependancies file /lib/modules/2.4.22-linode9-3um.modules.dep
and when I ls -l /lib/modules, I get:
total 0
So I don't have any modules installed, it appears… I even lack a config file for
the modprobe utility.
using 'man modprobe', I've looked into its config files, to find alternate locations. it lists
/etc/modules.conf and /etc/conf.modules
neither of which exist on my system.
At this point I'm fairly sure that the linode RH9 doesn't support loadable kernel
modules… or at least, if it does, it's not setup/configured/enabled by default.
Am I right?
-Ashen
1 Reply
@Ashen:
At this point I'm fairly sure that the linode RH9 doesn't support loadable kernel
modules… or at least, if it does, it's not setup/configured/enabled by default.
Am I right?
-Ashen
You are right. This is one drawback of a Linode versus a real system - you have no control over the contents of the kernel at all in a Linode. This is because the kernel is the process running on the host system, and it would be a security concern to allow Linode administrators to change the kernel code, since it might be possible to exploit some flaw in the host system if you can run arbitrary UML kernel code. Thus you cannot compile and run your own kernel on a Linode, and similarly you cannot insert kernel modules into the running kernel on a Linode.
As a result, the stock kernels which Linode boots have tons and tons of stuff built-in, presumably to satisfy just about everyone's kernel functionality needs. But those of us who are running minimal setups are losing out a bit to the excess memory used by all of the various kernel extras that we don't use. And there are even a couple of things not built into the Linode kernels that some people need. Eventually Linode.com will probably find it necessary to support a much wider range of kernels with a different feature set enabled in each.
But even then, support for inserting arbitrary modules into the running kernel will probably not be included.