
Linux Kernel Debugging and Security (LFD440)

4.5/5

This instructor-led course focuses on the important tools used for debugging and monitoring the kernel, and how security features are implemented and controlled.

 
 

Training Options

Classroom Training

Online Instructor Led

Onsite Training


Course Information

– Objectives
– Who You Are
– The Linux Foundation
– Copyright and No Confidential Information
– Linux Foundation Training
– Certification Programs and Digital Badging
– Linux Distributions
– Platforms
– Preparing Your System
– Using and Downloading a Virtual Machine
– Things Change in Linux and Open Source Projects
– Documentation and Links

– Procedures
– Kernel Versions
– Kernel Sources and Use of git
– Labs

– Overview on How to Contribute Properly
– Know Where the Code is Coming From: DCO and CLA
– Stay Close to Mainline for Security and Quality
– Study and Understand the Project DNA
– Figure Out What Itch You Want to Scratch
– Identify Maintainers and Their Work Flows and Methods
– Get Early Input and Work in the Open
– Contribute Incremental Bits, Not Large Code Dumps
– Leave Your Ego at the Door: Don’t Be Thin-Skinned
– Be Patient, Develop Long Term Relationships, Be Helpful

– Components of the Kernel
– User-Space vs. Kernel-Space
– What are System Calls?
– Available System Calls
– Scheduling Algorithms and Task Structures
– Process Context
– Labs

– Why Security?
– Types of Security
– Vulnerabilities
– Layers of Protection
– Software Exploits
– Labs

– Why Deprecated
– __deprecated
– BUG() and BUG_ON()
– Computed Sizes for kmalloc()
– simple_strtol() Family of Routines
– strcpy(), strncpy(), strlcpy()
– printk() %p Format Specifier
– Variable Length Arrays
– Switch Case Fall-Through
– Zero-Length and One-Element Arrays in Structs

– Benefits
– How Structure Randomization Works
– Structure Initialization
– Opt-in vs Opt-out
– Partial Randomization
– Enabling Structure Randomization
– Building Out-of-tree Modules with Structure Randomization

– Linux Kernel Security Basics
– Discretionary Access Control (DAC)
– POSIX ACLs
– POSIX Capabilities
– Namespaces
– Linux Security Modules (LSM)
– Netfilter
– Cryptographic Methods
– The Kernel Self Protection Project

– Why Secure Boot?
– Secure Boot x86
– Embedded Systems Secure Boot
– Labs

– What is Module Signing?
– Basics of Signatures
– Module Signing Keys
– Enabling Module Signature Verification
– How It Works
– Signing Modules
– Labs

– Why IMA?
– Conceptual Operations
– Modes of Operation
– Collect Mode (Collect and Store)
– Logging Mode (Appraise and Audit)
– Enforcing Mode (Appraise and Protect)
– Extended Verification Module (EVM)
– Labs

– What are Linux Security Modules?
– LSM Basics
– LSM Choices
– How LSM Works
– An LSM Example: yama

– SELinux
– SELinux Overview
– SELinux Modes
– SELinux Policies
– Context Utilities
– SELinux and Standard Command Line Tools
– SELinux Context Inheritance and Preservation**
– restorecon**
– semanage fcontext**
– Using SELinux Booleans**
– getsebool and setsebool**
– Troubleshooting Tools
– Labs

– What is AppArmor?
– Checking Status
– Modes and Profiles
– Profiles
– Utilities

– Why Lockdown?
– Lockdown Modes
– What Things are Locked Down?
– How It Works
– A Few Notes
– Labs

– What is netfilter?
– Netfilter Hooks
– Netfilter Implementation
– Hooking into Netfilter
– Iptables
– nftables
– Labs

– What are netlink Sockets?
– Opening a netlink Socket
– netlink Messages
– Labs

– Debuginfo Packages
– Tracing and Profiling
– sysctl
– SysRq Key
– oops Messages
– Kernel Debuggers
– debugfs
– Labs

– Debugging with printk
– Format Specifiers in printk
– no_hash_pointers Command Line Option
– Using early printk
– Labs

– What is the proc Filesystem?
– Creating and Removing Entries
– Reading and Writing Entries
– The seq_file Interface **
– Labs

– kprobes
– kretprobes
– SystemTap **
– Labs

– What is ftrace?
– ftrace, trace-cmd and kernelshark
– Available Tracers
– Using ftrace
– Files in the Tracing Directory
– Tracing Options
– Printing with trace_printk()
– Trace Markers
– Dumping the Buffer
– trace-cmd
– Labs

– What is perf?
– perf stat
– perf list
– perf record
– perf report
– perf annotate
– perf top
– Labs

– BPF
– eBPF
– Installation
– bcc Tools
– bpftrace
– Labs

– Crash
– Main Commands
– Labs

– kexec
– Kernel Configuration
– kexec-tools
– Using kexec
– Labs

– Producing and Analyzing Kernel Core Dumps
– Labs

– What is QEMU?
– Emulated Architectures
– Image Formats
– Third Party Hypervisor Integration
– Labs

– Linux Kernel (built-in) tools and helpers
– kdb
– qemu+gdb
– kgdb: hardware+serial+gdb
– Labs

– Evaluation Survey

– UNIX and Linux **
– Monolithic and Micro Kernels
– Object-Oriented Methods
– Main Kernel Components
– User-Space and Kernel-Space

– Error Numbers and Getting Kernel Output
– Task Structure
– Memory Allocation
– Transferring Data between User and Kernel Spaces
– Object-Oriented Inheritance – Sort Of
– Linked Lists
– Jiffies
– Labs

– What are Modules?
– A Trivial Example
– Compiling Modules
– Modules vs Built-in
– Module Utilities
– Automatic Module Loading
– Module Usage Count
– Module Licensing
– Exporting Symbols
– Resolving Symbols **
– Labs

– Processes, Threads, and Tasks
– Kernel Preemption
– Real Time Preemption Patch
– Labs

– Installation and Layout of the Kernel Source
– Kernel Browsers
– Kernel Configuration Files
– Kernel Building and Makefiles
– initrd and initramfs
– Labs

– Coding Style
– Using Generic Kernel Routines and Methods
– Making a Kernel Patch
– sparse
– Using likely() and unlikely()
– Writing Portable Code, CPU, 32/64-bit, Endianness
– Writing for SMP
– Writing for High Memory Systems
– Power Management
– Keeping Security in Mind
– Labs

– Concurrency and Synchronization Methods
– Atomic Operations
– Bit Operations
– Spinlocks
– Seqlocks
– Disabling Preemption
– Mutexes
– Semaphores
– Completion Functions
– Read-Copy-Update (RCU)
– Reference Counts
– Labs

– Virtual Memory Management
– Systems With and Without MMU and the TLB
– Memory Addresses
– High and Low Memory
– Memory Zones
– Special Device Nodes
– NUMA
– Paging
– Page Tables
– page structure
– Labs

– Requesting and Releasing Pages
– Buddy System
– Slabs and Cache Allocations
– Memory Pools
– kmalloc()
– vmalloc()
– Early Allocations and bootmem()
– Memory Defragmentation
– Labs

This course is for experienced developers who need to understand the methods and internal infrastructure of the Linux kernel.
