Endpoint Administration Guide for UNIX › Protecting Files and Programs › Kernel Modules Load and Unload Protection › Protect a Kernel Module

Protect a Kernel Module

You can protect the loading and unloading of kernel modules, and so help protect the operating system.

To protect a kernel module

1. Ensure you have enabled kernel module protection.
2. Create a KMODULE record in CA ControlMinder.

   To create a kernel module, you need to define:

   • The name of the kernel module

     On all non-Linux systems, the name of the KMODULE record must match the name of the kernel module file (not the full path). This is because the name of the module is the same as the name of the file. On Linux, the name of KMODULE record needs to match only the name of the kernel module, which, may be different from the actual file name.

   • The owner of the record (defaults to the user creating the module)
   • (Optional) The absolute file path to the kernel module file, or a list of file paths if there is more than one version of the module.

   Note: On HP and Solaris systems, you can define the special kernel module _ALL_MODULES to protect the unloading of all kernel modules.

3. Define the users or groups that are authorized to load and unload the module.

Example: Protect a Kernel Module Using selang Commands

The following selang commands define and authorize a kernel module serial.o to CA ControlMinder and authorizes the enterprise user kadmin to load and unload it:

newres kmodule serial.o owner(kadmin) defaccess(none) \
filepath(/lib/modules/2.2.19/serial.o:/lib/modules/2.2.20/serial.o)
authorize kmodule serial.o access(load, unload) xuid(kadmin)