Automated LKRG Installation and Management Guide

This guide explains how to use the automated configuration files for Linux Kernel Runtime Guard (LKRG). These files automate the installation, updating, and management of LKRG on systems using systemd.

File Overview

1. lkrg.service - Main systemd service for LKRG
2. lkrg-temp-update.service - Service to rebuild LKRG when kernel changes
3. lkrg-temp-update.path - Path unit to watch for kernel updates
4. lkrg-temp-rebuild.sh - Script that handles the rebuilding process

Installation Steps

1. First, ensure you have the prerequisites installed:

   # For Debian/Ubuntu
   sudo apt-get install make gcc gawk libelf-dev linux-headers-$(uname -r) git
   
   # For RHEL/CentOS/Fedora
   sudo yum install make gcc awk elfutils-libelf-devel kernel-devel git

2. Copy the configuration files to their respective locations:

   # Create necessary directories
   sudo mkdir -p /usr/local/bin
   
   # Copy service files
   sudo cp lkrg.service /etc/systemd/system/
   sudo cp lkrg-temp-update.service /etc/systemd/system/
   sudo cp lkrg-temp-update.path /etc/systemd/system/
   
   # Copy and set permissions for the rebuild script
   sudo cp lkrg-temp-rebuild.sh /usr/local/bin/
   sudo chmod +x /usr/local/bin/lkrg-temp-rebuild.sh

3. Reload systemd to recognize the new services:

   sudo systemctl daemon-reload

4. Enable and start the services:

   # Enable and start the main LKRG service
   sudo systemctl enable lkrg.service
   sudo systemctl start lkrg.service
   
   # Enable and start the auto-update path monitor
   sudo systemctl enable lkrg-temp-update.path
   sudo systemctl start lkrg-temp-update.path

Features

1. Automatic LKRG Loading

• The lkrg.service automatically loads LKRG at system startup
• Handles proper module loading order and dependencies
• Can be disabled at boot by adding nolkrg to kernel parameters
• Applies LKRG sysctl configurations automatically

2. Automatic Kernel Update Handling

• The lkrg-temp-update.path unit monitors /lib/modules for kernel updates
• When a kernel update is detected, it triggers lkrg-temp-update.service
• The service runs lkrg-temp-rebuild.sh to rebuild LKRG for the new kernel

3. Automated Rebuild Process

The rebuild script (lkrg-temp-rebuild.sh) handles:

• Unloading the current LKRG module
• Removing old module files
• Cloning the latest LKRG source
• Building for the current kernel
• Installing the new module
• Updating module dependencies
• Restarting the LKRG service

Verification

To verify that everything is working properly:

1. Check LKRG service status:

   sudo systemctl status lkrg.service

2. Verify the module is loaded:

   lsmod | grep lkrg

3. Check the path unit status:

   sudo systemctl status lkrg-temp-update.path

4. View LKRG logs:

   sudo journalctl -u lkrg.service
   sudo journalctl -u lkrg-temp-update.service

Troubleshooting

1. If LKRG fails to load:

   • Check kernel logs: sudo dmesg | grep lkrg
   • Verify kernel headers are installed
   • Check build logs in journalctl

2. If auto-rebuild isn't working:

   • Ensure the path unit is active
   • Check permissions on /usr/local/bin/lkrg-temp-rebuild.sh
   • Review journalctl logs for the update service

3. Emergency Recovery:

   • Add nolkrg to kernel parameters in GRUB if system won't boot
   • Boot into recovery mode and disable the services if needed

Uninstallation

To remove the automation:

# Stop and disable services
sudo systemctl disable --now lkrg.service
sudo systemctl disable --now lkrg-temp-update.path
sudo systemctl disable --now lkrg-temp-update.service

# Remove configuration files
sudo rm /etc/systemd/system/lkrg.service
sudo rm /etc/systemd/system/lkrg-temp-update.service
sudo rm /etc/systemd/system/lkrg-temp-update.path
sudo rm /usr/local/bin/lkrg-temp-rebuild.sh

# Reload systemd
sudo systemctl daemon-reload

This automation system provides a robust way to manage LKRG, ensuring it remains functional across kernel updates while requiring minimal manual intervention.