This script will determine if the running Linux kernel requires using the new interception method


Article ID: 411304


Products

CA Privileged Access Manager (PAM)

Issue/Introduction

Some new Linux kernel patches released in recent months include a backport of a feature that removes the use of the system call table. We have seen several such releases from Oracle, Amazon and SuSE. 
 
 

Cause

This backport is intended to fix a vulnerability in the Linux kernel.  Unfortunately, it broke our product's ability to intercept system calls. Currently, we are diligently developing a new interception method using the ftrace feature.
 

Resolution

Attached is a compressed tar file, checkhost.20250305.tar.gz. It contains a script called checkhost and two sample reports generated by it. The script determines whether the running Linux kernel requires the new interception method. If it does, the script checks whether ftrace is built into the running Linux kernel and whether it is enabled.
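The two ftrace checks described above can be sketched in shell as follows. This is an added example, not the checkhost script from the attachment, and it does not attempt the first check (whether the kernel removed the system call table). The option names in `REQUIRED_OPTS`, the status words and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: not the vendor's checkhost script.
# Assumption: an ftrace-based hook needs the function tracer built in
# (CONFIG_FUNCTION_TRACER=y, CONFIG_DYNAMIC_FTRACE=y) and the
# kernel.ftrace_enabled sysctl set to 1.

REQUIRED_OPTS="CONFIG_FUNCTION_TRACER CONFIG_DYNAMIC_FTRACE"

# Print a kernel build config, transparently handling /proc/config.gz.
read_config() {
    case "$1" in
        *.gz) gzip -dc "$1" 2>/dev/null ;;
        *)    cat "$1" 2>/dev/null ;;
    esac
}

# Print one status word for the given config file ($1) and sysctl file ($2):
#   config-unreadable | not-built | built-disabled | built-enabled
ftrace_status() {
    cfg=$(read_config "$1") || { echo config-unreadable; return 0; }
    for opt in $REQUIRED_OPTS; do
        # Match the whole line so "# CONFIG_X is not set" does not count.
        printf '%s\n' "$cfg" | grep -qx "$opt=y" || { echo not-built; return 0; }
    done
    if [ "$(cat "$2" 2>/dev/null)" = "1" ]; then
        echo built-enabled
    else
        echo built-disabled
    fi
}

# Pick the config source for the running kernel and report its status.
cfg_path="/boot/config-$(uname -r)"
[ -r "$cfg_path" ] || cfg_path=/proc/config.gz
ftrace_status "$cfg_path" /proc/sys/kernel/ftrace_enabled
```

A `built-disabled` result means the tracer is compiled in but switched off at runtime through the `kernel.ftrace_enabled` sysctl, which is a different remediation from a kernel built without it.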

Attachments

checkhost.20250305.tar.gz