
You're reading from Oracle Linux Cookbook

Product type: Book
Published in: Jan 2024
Reading level: Beginner
Publisher: Packt
ISBN-13: 9781803249285
Edition: 1st Edition
Authors (3):
Erik Benner

Erik Benner is the VP of Enterprise Transformation and an Oracle ACE director. He is an expert strategist for customers across the United States. His customer engagements range from enterprise cloud transformations to data center consolidation and modernization. He frequently presents at conferences such as Oracle CloudWorld, ASCEND, BLUEPRINT 4D, and FOSSY. Having worked with Oracle and Sun Systems since the mid-90s, Erik is well-versed in most of the core Oracle technologies, including Oracle Cloud, Oracle Linux, and Oracle Database. When not flying to far points of the country from the Metro Atlanta area, he enjoys spending time with his family at their observatory, where the telescopes outnumber the people.

Erik B. Thomsen

Erik B. Thomsen is a Principal Sales Consultant passionate about Linux, cloud-native technologies, and “Everything as Code.” He is an innovative strategist with extensive experience working in multiple facets of IT, including DevSecOps, product management for databases and Linux, and platform engineering, where he led the development of an enterprise Kubernetes container platform. He has many years of consulting experience working for numerous Fortune 500 companies. Often described as a “visionary” or “thought leader” by his peers, Erik leverages his expertise in technology with his creative development and automation skills to help customers design, deploy, and manage cutting-edge IT solutions.

Jonathan Spindel

Jonathan Spindel is a highly skilled and experienced technology leader and evangelist with a strong emphasis on Oracle ecosystems cloud infrastructure and automation. With over 23 years in the industry, he possesses a comprehensive understanding of managing, designing, and deploying multi-tenant enterprise systems and cloud solutions to address business needs and enhance operational processes. Jonathan excels in providing end-to-end management and technical turnkey cloud solutions that drive increased business productivity and reduce operational costs, ultimately delivering timely returns on investment. His hands-on approach and deep expertise in Oracle and mainstream infrastructure and cloud technologies enable him to optimize performance and streamline operations, while his proficiency in automation ensures efficient and error-free processes.

Exploring the Various Boot Options and Kernels in Oracle Linux

This chapter will teach you about boot and its options, kernels, and more. You will also learn about many exciting opportunities, tools, and applications to make your life easier and more enjoyable. For example, you will learn how to change your booting kernel and remove and reinstall a kernel on your system. You will even learn how to use the boot process to switch between Linux kernels.

Booting involves more than just loading the operating system; it also helps secure the system using Secure Boot or TrenchBoot.

This chapter has the following recipes:

  • Kernel basics – UEK and RHCK
  • Playing with UEFI
  • Playing with Secure Boot
  • TrenchBoot – improving boot security and integrity
  • Removing the RHCK

Kernel basics – UEK and RHCK

Before we get started with UEK and RHCK, let's understand what a Linux kernel is. A Linux kernel release refers to an updated version of the core component of the Linux operating system. The kernel's main function is to act as a bridge between the hardware and software layers of a computer system. The Linux kernel is a collaborative development effort by a large community of developers worldwide, with Linus Torvalds as the original creator and official maintainer of the mainline kernel. Kernel updates are introduced periodically to provide new features, improvements, bug fixes, security patches, and hardware support.

Linux kernel releases are assigned a version number that consists of three components: major version, minor version, and patch level. For instance, a kernel version is represented as X.Y.Z, where X represents the major version, Y is the minor version, and Z is the patch level. The major version is usually incremented for significant...

Kernel basics – UEK and RHCK

With a fresh installation of Oracle Linux, the Unbreakable Enterprise Kernel (UEK) is the default. However, in some cases, you may want to switch to the Red Hat Compatible Kernel (RHCK).

The default kernel might not be the correct version to use in some scenarios:

  • UEK releases are based on newer kernel releases than the RHCK version, which is the standard for Red Hat servers. With Oracle Linux, you have the option to use the UEK, which provides a more up-to-date kernel release.
  • The current kernel version might be incompatible with your particular hardware. A UEK system will boot on new hardware, while the older RHCK will not. An example of this is UEK 7, which supports the Microsoft Azure Network Adapter (MANA), whereas UEK 6 does not.
  • Suppose a UEK beta or technical preview release is installed on the system. In that case, UEK needs to be demoted to ensure that the kernel is used only if intentionally and manually selected as...

Playing with UEFI

One way hackers can compromise systems is by attacking the system before it boots. To prevent this, you must secure the operating system by enabling security in UEFI. In other words, software that cannot be trusted to execute code correctly must not be allowed to run, because untrusted software can tamper with your bootloader or, even worse, compromise your firmware. To solve this, a new, secure method of booting systems is required, called UEFI. UEFI is implemented in the firmware and has become the interface between your hardware and the operating system, replacing the legacy BIOS firmware that was previously the industry default. A feature of UEFI is Secure Boot, which ensures that your system boots using only software trusted by the hardware manufacturer of your system. In addition, it provides a verification mechanism (verifying each piece of boot software using cryptographic checksums and signatures) to ensure that the code that is launched is trusted by...

Playing with Secure Boot

Secure Boot is an additional optional feature implemented in UEFI intended to help prevent malware execution during a boot process. To enable or disable Secure Boot, you need to access your specific UEFI setup program. This is different for each system manufacturer. Check your system documentation to see how to access the UEFI configuration.

The Secure Boot steps are identical to regular UEFI booting, with one important exception: components must be signed and authenticated before they are loaded and executed (private and public key pairs are used for authentication). It consists of two launch Roots of Trust (RoT) to build the transitive trust chains:

  • The verification RoT is responsible for the signature verification. The verification RoT is the launch RoT, which is what most are referring to when speaking about Secure Boot, and it will lie on the boot flash drive as the RoT for storage to protect the key database. Verify only after the...

TrenchBoot – improving boot security and integrity

TrenchBoot is a GitHub cross-community and cross-platform framework integration (https://github.com/TrenchBoot). It grew from an idea by Apertus Solutions that originated in 2014 to deal with the limitations of using tboot to launch Xen for the OpenXT project, with other contributors such as Oracle (Intel), 3mdeb (AMD), and Citrix. Its primary purpose is to expand the security and integrity mechanisms of the boot process by using a standard and unified approach (between Xen, KVM, Linux, BSDs, and potentially proprietary kernels). A common location where you will see this being used is Oracle Cloud’s shielded instances.

Getting ready

One of the main capabilities of TrenchBoot is securely launching Linux. This feature enables the Linux kernel to be dynamically launched by AMD and Intel by introducing an intermediate phase to the boot launch. Unlike traditional first-launch scenarios, such as the bootstrap phase...

Removing the RHCK

In this recipe, you will learn how to remove RHCK and its unique package dependencies while keeping all UEK dependencies. Remember that when installing Oracle Linux, the installer automatically installs the Oracle UEK as the default kernel, but you can install RHCK for compatibility purposes.

Getting ready

Old versions of Oracle Linux required a special tool called the kernel-transition package to manage dependencies. With new versions of Oracle Linux, a much easier process is available. For example, with Oracle Linux 8, this requirement is obsolete. All packages are purposely built to avoid any dependencies with regard to the system running on a UEK or RHCK. This makes it significantly easier to remove the UEK or RHCK from the system.

How to do it…

Let’s see how to remove RHCK from our system:

  1. First, let’s check all kernels running within our system by using the grubby command:
Figure 3.19 – Checking the kernels
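
As an added example (not code from the book), the following shell functions parse output in the `grubby --info=ALL` format and label each boot entry as UEK, RHCK or rescue, which is the check to make before removing a kernel. The sample input is constructed, and the rule that UEK release strings contain `uek` is an assumption stated in the code.

```shell
# Constructed sample in the format printed by `grubby --info=ALL`
# (entries trimmed to three fields; version strings are illustrative).
sample_grubby_info() {
cat <<'EOF'
index=0
kernel="/boot/vmlinuz-5.15.0-200.131.27.el8uek.x86_64"
title="Oracle Linux Server 8 (5.15.0-200.131.27.el8uek.x86_64) 8.9"
index=1
kernel="/boot/vmlinuz-4.18.0-513.5.1.el8_9.x86_64"
title="Oracle Linux Server 8 (4.18.0-513.5.1.el8_9.x86_64) 8.9"
index=2
kernel="/boot/vmlinuz-0-rescue-0123456789abcdef0123456789abcdef"
title="Oracle Linux Server 8 (0-rescue-0123456789abcdef0123456789abcdef) 8.9"
EOF
}

# Print UEK, RHCK or RESCUE for one kernel path.
# Assumption: UEK packages carry "uek" in the release string (e.g. el8uek).
kernel_flavor() {
    case "$1" in
        *-rescue-*) echo RESCUE ;;
        *uek*)      echo UEK ;;
        *)          echo RHCK ;;
    esac
}

# Read grubby --info=ALL text on stdin; emit "index flavor path" per entry.
classify_kernels() {
    idx=
    while IFS= read -r line; do
        case "$line" in
            index=*) idx=${line#index=} ;;
            kernel=*)
                path=${line#kernel=}; path=${path#\"}; path=${path%\"}
                echo "$idx $(kernel_flavor "$path") $path" ;;
        esac
    done
}

# Count entries of one flavor, so a removal script can refuse to proceed
# when no UEK entry would be left to boot from.
count_flavor() {
    classify_kernels | awk -v f="$1" '$2 == f { n++ } END { print n + 0 }'
}

sample_grubby_info | classify_kernels
```

On a live system, replace the sample with real data: `grubby --info=ALL | classify_kernels`.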

