Difference between revisions of "LKM"
Line 12: | Line 12: | ||
{{code|text= | {{code|text= | ||
<source lang="bash"> | <source lang="bash"> | ||
− | # insmod modname.ko | + | # insmod modname.ko |
− | # rmmod modname | + | # rmmod modname |
</source> | </source> | ||
}} | }} |
Revision as of 20:51, 21 June 2016
LKM stands for "Linux Kernel Module" or "Loadable Kernel Module". As the name implies, it is a way to allow code to interact directly with the kernel, in the kernel. In essence, it is a way to extend the kernel and add functionality to it. Although it goes without saying that you need root to modify the kernel, this opens up an interesting way to backdoor a box. You can see a list of currently loaded kernel modules in two ways:
$ lsmod $ cat /proc/modules |
You can (as root) add new modules to your kernel with the insmod and rmmod commands:
# insmod modname.ko # rmmod modname |
These two utilities provide a simple, clean way to insert or remove modules from the kernel. If you need more advanced control over the insertion, removal and alteration of modules in the kernel, use the more fully-featured modprobe utility instead.