Secure Linux Kernel for your server
Our specially designed Secure Linux Kernel is here to protect your server and all services by allowing access only to specific files, variables, and networking.
Secure Linux Kernel
When in use provides the highest security possible for your server.
Since this protection is MAC at the kernel level meaning all not allowed by the policy by default is denied and that provides the highest security for your system.
Supported Operating Systems
We need to define into policy each binary file that can be executed and specify the allow list of rules for it.
We can allow per application, user, program, service access to specif file, socket, port, IP …
We can allow for example that the test.php file of the user “john” located at /home/john/public_html/test.php can be executed only by john user and only by php-cgi version 5.4 which needs to be run by the john user.
File Based restrictions (please note all not allowed, by default is denied)
These rules allow us to perform network socket operations.
These rules allow us to perform Unix socket operations.
This protection can limit connection on the IP and/or port,
deny read/write/execute…. access to the files if the owner is not matched…
Example issues which kernel is protecting you from:
– symlink attacks (most commonly used to hack all users on the server)
– execution of malware or custom scripts
– access to server system files (/etc,/var, /usr, /home and all others)
– access to /tmp and /var/tmp files
– access to /dev/shm memory partition
– custom script connecting to other servers/ports
– malware cron running bad things
– hacked user ssh access to be used for running hacker scripts
– hacked user ssh access to be used for accessing the system files
– the limited set of secure tested ssh commands are only available to users
…and many others.
Demo SSH account
SSH Server: 220.127.116.11
SSh Port: 19443
Example ssh login: ssh firstname.lastname@example.org -p 19443
Youtube Video DEMO
* You can test here all example commands, the demo account is reset every 1h.