from Hacker News

Linux Threat Hunting: ‘Syslogk’ a kernel rootkit found in the wild

by rmdoss on 6/20/22, 5:57 AM with 54 comments

  • by 28304283409234 on 6/20/22, 6:44 AM

    Seems to only relate to RHEL 6, or derivatives of, such as CentOS 6. Yes: 6. Which is as EOL as enterprise software gets: https://access.redhat.com/support/policy/updates/errata#Life...
  • by rollcat on 6/20/22, 10:56 AM

    OpenBSD has removed loadable kernel modules back in 2014; macOS is aggressively moving in the same direction. Meanwhile - is running a Linux system without module support even viable these days?

    $ du -sh /lib/modules/$(uname -r)
    294M /lib/modules/5.10.0-15-amd64

  • by wazari972 on 6/20/22, 7:18 AM

    > To load the rootkit into kernel space, it is necessary to approximately match the kernel version used for compiling; it does not have to be strictly the same.

    >> vermagic=2.6.32-696.23.1.el6.x86_64 SMP mod_unload modversions

    Do you know why they say "approximately match"? I thought it had to match exactly for the kernel to accept loading the module.
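The vermagic comparison the question above is about, as an added example that is not part of the thread: this reimplements the rule the Linux loader applies in `same_magic()` (kernel/module.c, under CONFIG_MODVERSIONS), where a module that carries symbol CRCs only needs the flag portion after the first space to match, because the release string is then covered by the per-symbol CRC check instead. The sample release strings other than the one quoted in the thread are constructed for illustration.

```python
# Reimplementation of the kernel's vermagic check (same_magic in kernel/module.c).
# Added for illustration; not code from the article or the thread.

def parse_vermagic(vermagic: str) -> tuple[str, str]:
    """Split 'release flags...' into (release, flags); flags may be empty."""
    release, _, flags = vermagic.partition(" ")
    return release, flags


def same_magic(amagic: str, bmagic: str, has_crcs: bool) -> bool:
    """Mirror the kernel's same_magic():
    - with symbol CRCs (module has a __versions section), only the part after
      the first space (SMP / mod_unload / modversions ...) must match;
    - without CRCs, the whole string must match exactly."""
    if has_crcs:
        amagic = amagic[amagic.find(" "):] if " " in amagic else ""
        bmagic = bmagic[bmagic.find(" "):] if " " in bmagic else ""
    return amagic == bmagic


def vermagic_accepted(module_vermagic: str, kernel_vermagic: str, has_crcs: bool) -> str:
    """Audit helper: explain whether the vermagic stage would accept a module.
    Note: passing this stage is not the same as loading successfully; with
    modversions the symbol CRCs are checked separately afterwards."""
    if same_magic(module_vermagic, kernel_vermagic, has_crcs):
        if has_crcs and parse_vermagic(module_vermagic)[0] != parse_vermagic(kernel_vermagic)[0]:
            return "accepted: release differs but flags match, CRC check decides"
        return "accepted: exact match"
    return "rejected: vermagic mismatch"


if __name__ == "__main__":
    # Release string quoted in the thread; the running-kernel string is constructed.
    module_magic = "2.6.32-696.23.1.el6.x86_64 SMP mod_unload modversions"
    kernel_magic = "2.6.32-754.35.1.el6.x86_64 SMP mod_unload modversions"
    print(vermagic_accepted(module_magic, kernel_magic, has_crcs=True))
    print(vermagic_accepted(module_magic, kernel_magic, has_crcs=False))
    print(vermagic_accepted(module_magic, "2.6.32-754.35.1.el6.x86_64 mod_unload modversions", True))
```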