阿里的轻量云发现有一个这样的 LKM 模块.

[root@aliyun ~]# lsmod
Module Size Used by
AliSecGuard 22180 2 <-------
nfit 55016 0
libnvdimm 147731 1 nfit
iosf_mbi 15582 0
crc32_pclmul 13133 0
ghash_clmulni_intel 13273 0
ppdev 17671 0
aesni_intel 189415 0
lrw 13286 1 aesni_intel
gf128mul 15139 1 lrw
glue_helper 13990 1 aesni_intel
ablk_helper 13597 1 aesni_intel
cryptd 21190 3 ghash_clmulni_intel,aesni_intel,ablk_helper
virtio_balloon 18015 0
joydev 17389 0
pcspkr 12718 0
parport_pc 28205 0
parport 46395 2 ppdev,parport_pc
i2c_piix4 22401 0
ip_tables 27126 0
ext4 579979 1
mbcache 14958 1 ext4
jbd2 107478 1 ext4
ata_generic 12923 0
pata_acpi 13053 0
virtio_blk 18222 2
virtio_console 28076 1
virtio_net 28063 0
cirrus 24377 1
drm_kms_helper 179394 1 cirrus
syscopyarea 12529 1 drm_kms_helper
sysfillrect 12701 1 drm_kms_helper
sysimgblt 12640 1 drm_kms_helper
fb_sys_fops 12703 1 drm_kms_helper
ttm 114635 1 cirrus
ata_piix 35052 0
drm 429744 4 ttm,drm_kms_helper,cirrus
libata 243133 3 pata_acpi,ata_generic,ata_piix
crct10dif_pclmul 14307 0
crct10dif_common 12595 1 crct10dif_pclmul
crc32c_intel 22094 0
floppy 69432 0
serio_raw 13434 0
virtio_pci 22985 0
virtio_ring 22746 5 virtio_blk,virtio_net,virtio_pci,virtio_balloon,virtio_console
virtio 14959 5 virtio_blk,virtio_net,virtio_pci,virtio_balloon,virtio_console
drm_panel_orientation_quirks 12957 1 drm

问题来了,安全模块为何要用 LKM 的方式加载?真的是用于安全吗?

morphyhu

2022-07-28 14:07:42 +08:00

终于搞定了.
参考
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/managing_monitoring_and_updating_the_kernel/managing-kernel-modules_managing-monitoring-and-updating-the-kernel

cat >> /etc/modprobe.d/blacklist.conf <<EOF
# Blacklists AliSecGuard
blacklist AliSecGuard
install AliSecGuard /bin/false
EOF

reboot

morphyhu

2022-07-28 14:08:37 +08:00

干净多了.

[root@ aliyun local]# lsmod
Module Size Used by
nfit 55016 0
libnvdimm 147731 1 nfit
iosf_mbi 15582 0
crc32_pclmul 13133 0
ghash_clmulni_intel 13273 0
aesni_intel 189415 0
ppdev 17671 0
lrw 13286 1 aesni_intel
gf128mul 15139 1 lrw
glue_helper 13990 1 aesni_intel
ablk_helper 13597 1 aesni_intel
cryptd 21190 3 ghash_clmulni_intel,aesni_intel,ablk_helper
parport_pc 28205 0
i2c_piix4 22401 0
pcspkr 12718 0
virtio_balloon 18015 0
joydev 17389 0
parport 46395 2 ppdev,parport_pc
ip_tables 27126 0
ext4 579979 1
mbcache 14958 1 ext4
jbd2 107478 1 ext4
ata_generic 12923 0
pata_acpi 13053 0
virtio_blk 18222 2
virtio_console 28076 1
virtio_net 28063 0
cirrus 24377 1
drm_kms_helper 179394 1 cirrus
syscopyarea 12529 1 drm_kms_helper
sysfillrect 12701 1 drm_kms_helper
sysimgblt 12640 1 drm_kms_helper
fb_sys_fops 12703 1 drm_kms_helper
ttm 114635 1 cirrus
ata_piix 35052 0
drm 429744 4 ttm,drm_kms_helper,cirrus
libata 243133 3 pata_acpi,ata_generic,ata_piix
crct10dif_pclmul 14307 0
crct10dif_common 12595 1 crct10dif_pclmul
crc32c_intel 22094 0
serio_raw 13434 0
virtio_pci 22985 0
virtio_ring 22746 5 virtio_blk,virtio_net,virtio_pci,virtio_balloon,virtio_console
virtio 14959 5 virtio_blk,virtio_net,virtio_pci,virtio_balloon,virtio_console
drm_panel_orientation_quirks 12957 1 drm
floppy 69432 0
[root@ aliyun local]#

这是一个专为移动设备优化的页面（即为了让你能够在 Google 搜索结果里秒开这个页面），如果你希望参与 V2EX 社区的讨论，你可以继续到 V2EX 上打开本讨论主题的完整版本。

https://www.v2ex.com/t/869181

V2EX 是创意工作者们的社区，是一个分享自己正在做的有趣事物、交流想法，可以遇见新朋友甚至新机会的地方。

V2EX is a community of developers, designers and creative people.