Linux Lockdown Solution: A Better Alternative to Kernel Lockdown
nov 30, 2020 | 42Gears Team
Introduction
Linux is a part of the Holy Trinity of global operating systems – one of the most popular technologies among developers around the world. As an open-source operating system, Linux powers most of the world’s powerful websites such as Google, YouTube, Facebook, Amazon, Zoom, and many more. Even stock markets and digital studios that are driven by high-performance tasks and need robust processing speeds use Linux machines. As such, businesses need a Linux lockdown solution to allow enterprise admins to remotely secure and control these devices.
History of the Kernel Lockdown Feature
Linus Torvalds, the founder of Linux, approved the Linux Security Module (LSM), Kernel lockdown feature in 2018. The Kernel lockdown feature is a security mechanism initially proposed by Matthew Garrett, a Staff Security Engineer at Google. This security feature was designed to prevent users from accessing the root account, thereby preventing any attempt to modify the kernel. Most importantly, it prevented users from accessing security and cryptographic data located in kernel memory. This brought a sense of relief to many businesses. Torvalds opposed the idea initially, but agreed to it later.
Why Should Businesses Opt for a Lockdown Solution for Linux?
Although the idea of restricting users from accessing the root account may look enticing to security experts, a lot of Linux kernel developers dislike it. This is primarily because Linux is an open-source OS and neutering the root account can be a disservice to Linux and its administrators. Thus, the kernel lockdown feature is an “optional” feature.
As Linux is the platform of choice across industries today, securing Linux-based devices is paramount. So, enterprise admins need a foolproof strategy to prevent attackers from bypassing LSM restrictions and accessing the root account. If an attacker claims access to the root account, he can modify the kernel modules to change access permissions. Unsurprisingly, this can wreak havoc on a system and leak confidential information. For instance, in 2019, the sudo security vulnerability incident threatened several Linux machines. Also, the bug provided unprivileged users access to root privileges on vulnerable systems.
The Linux lockdown solution by 42Gears provides a solution to such issues. Not only does it strictly lock down Linux machines into kiosk mode, but also limits users access to allowed settings and applications only.
Why Should Businesses Consider 42Gears to Lock Down Linux Devices?
42Gears SureMDM is the first MDM solution that can convert Linux devices into kiosks in addition to locking down devices running on other platforms. Besides, SureMDM can also help IT admins deploy and monitor Linux devices remotely. Thus, with SureMDM, businesses can manage both Linux and non-Linux devices from a single console. This will not only help businesses save costs but also reduce complexity of device management.
Conclusion- Next Steps
If you are interested in running a pilot, feel free to reach out to us for a demo or a free trial.