Menu
What's new
By:
Filters Better Search

Hardenize the linux kernel with security-misc (by kicksecure/whonix)

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

H

Hardenizer

New Around Here
Hi,

Just thought its a good idea to share these security enhancements done by kicksecure/whonix project to the kernel which would be useful as well if it implemented in asus-merlin: (Not all directly applicable to the firmware but many do and worth look at)

github.com

GitHub - Kicksecure/security-misc: Kernel Hardening; Protect Linux User Accounts against Brute Force Attacks; Improve Entropy Collection; Strong Linux User Account Separation; Enhances Misc Security Settings - https://www.kicksecure.com/wiki/Security

Kernel Hardening; Protect Linux User Accounts against Brute Force Attacks; Improve Entropy Collection; Strong Linux User Account Separation; Enhances Misc Security Settings - https://www.kicksecure...
github.com github.com
 
Last edited:
Last edited:
Quoting, posting, linking... whatever you call it, generic security information isn't helpful. Most of what you linked to is either not applicable or already implemented. Are you also going to list every Linux CVE and package update for the last 10 years? A router is not a Linux server or desktop, it's an embedded device. If you have identified a particular security vulnerability that's applicable to this router then by all means report it to Asus so they can patch it upstream.
 
This kind of large scale security hardening is beyond the scope of this project, sorry. A lot of these wouldn't apply to this scenario, and the amount of work involved wouldn't justify whatever limited gains may be provided by them. Keep in mind the router is a very different environment from a computer/server, where you have to take into account having multiple users, while the router firmware itself runs as root, and does not provide accounts for limited users, unlike a regular workstation.

I've done a pass at at least tightening some file permissions a few years ago, so there was already some work done toward improving general security, but it's always a matter of balance between effort vs payoff.
 
RMerlin said:
This kind of large scale security hardening is beyond the scope of this project, sorry. A lot of these wouldn't apply to this scenario, and the amount of work involved wouldn't justify whatever limited gains may be provided by them. Keep in mind the router is a very different environment from a computer/server, where you have to take into account having multiple users, while the router firmware itself runs as root, and does not provide accounts for limited users, unlike a regular workstation.

I've done a pass at at least tightening some file permissions a few years ago, so there was already some work done toward improving general security, but it's always a matter of balance between effort vs payoff.
Click to expand...
Not only that, but alot of these "linux" security measures are taken out of necessity to solve problems introduced by the developers of said implementations. As far as I am aware, most of these concerns would not be present in our routers simply because asus in partnership with their vendors, maintains their own implementation.
 
You must log in or register to reply here.

Similar threads

S
Issues compiling Realtek RTL8156 (r8152) driver for ASUS RT-AX86U
Replies
2
Views
428
Sanek2k6
S
luckybeans
About the Linux Kernel Version of the firmware of ASUS WiFi 7 router
Replies
19
Views
2K
glens
G
I
How to blacklist UAS (USB) kernel module at boot?
Replies
14
Views
1K
Dmitriy78
D
RMerlin
Current plans regarding separate version branches
3 4 5
Replies
87
Views
10K
zay2u
Z
ExtremeFiretop
  • Locked
Seeking Feedback & Contributions: Merlin Auto Update Solutions
14 15 16
Replies
315
Views
17K
ExtremeFiretop
ExtremeFiretop
Similar threads
Thread starter Title Forum Replies Date
M Solved USB mount shows for Mac/Linux but not Windows 10 (RT-AC68U_386.12_4) Asuswrt-Merlin 1
L Help with some routing/filtering configuration for CUPS printers in Debian linux Asuswrt-Merlin 2
D Disable kernel module Asuswrt-Merlin 1
Phantomski Kernel versions of latest routers with Merlin's FW Asuswrt-Merlin 18
Davidncali001 Need help with syslog being spammed with kernel messages Asuswrt-Merlin 8
I How to blacklist UAS (USB) kernel module at boot? Asuswrt-Merlin 14
A RT-AX82U asuswrt-merlin.ng - build kernel module Asuswrt-Merlin 2
N New kernel version Asuswrt-Merlin 18
C kernel: jffs2: Error garbage collecting node at 00f7fcac! Asuswrt-Merlin 8

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 711 (members: 29, guests: 682)
Top