Title of invention: Centralized kernel module loading
Abstract: Methods and systems for centralized kernel module loading are described. In one embodiment, a computing system detects a kernel module load event to load a kernel module into a kernel of a client. Upon detection of the kernel module load event, the computing system computes a cryptographic hash of the kernel module, and sends the cryptographic hash to an access control server to verify whether the cryptographic hash is a permitted hash. The computing system receives a response from the access control server to permit or deny the kernel module load event, and permits or denies the kernel module load event based on the response.
Publication number: US9111099(B2) Publication date: 2015.08.18
Application number: US201113149808 Filing date: 2011.05.31
Applicant: Red Hat, Inc. Inventors: Paris Eric; Horman Neil
Classification numbers: G06F21/10; G06F21/57; G06F21/60; H04L9/32 Main classification: G06F21/10
Agency: Lowenstein Sandler LLP Agent: Lowenstein Sandler LLP
Independent claim: 1. A method comprising: detecting, by a centralized kernel module loader executing by a client computing system, a kernel module load event to load a kernel module into a kernel of the client computing system; upon detection of the kernel module load event, computing a cryptographic hash of the kernel module; storing the computed cryptographic hash of the kernel module; sending the computed cryptographic hash over a client-server network to an access control server executing by a server computing system to verify whether the cryptographic hash is a permitted hash; receiving a response from the access control server to control loading of the kernel module for the kernel module load event, wherein the response indicates that the kernel module is a different version of a corresponding approved kernel module; determining whether to deny the kernel module load event on the client computing system in view of the received response; controlling the loading of the approved kernel module for the kernel module load event in view of the received response; and removing the stored computed cryptographic hash of the kernel module in response to determining to deny the kernel module load event on the client computing system.
Address: Raleigh NC US