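Local0.c is a simple Linux loadable kernel module (LKM) that denies root access to remote users only. It does this by replacing the setuid32 entry in the system-call table and refusing setuid(0) unless the byte read from keyboard port 0x60 is 28. Tested on Red Hat 7.2.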
9cab68c6306efb7370285edcfe37263ff43e1c60ffbdb163f1b701ed962adb51
/* A simple Linux LKM that denies root access to remote users only.
It might be a good idea to insert such a module on a box that is connected 24/7,
at night or whenever you are not locally on the system.
To build and load: gcc -c local0.c; insmod local0.o
To remove: rmmod local0
Tested on Red Hat 7.2.
Note: on older systems you might have to change
SYS_setuid32 to SYS_setuid.
by Dalnet SLACKo slacko@mail.ru */
#define MODULE
#define __KERNEL__
#include <linux/string.h>
#include <linux/module.h>
#include <linux/kernel.h>
#include <linux/config.h>
#include <linux/malloc.h>
#include <asm/uaccess.h>
#include <sys/syscall.h>
/* System-call dispatch table, defined by the kernel. This module reads
 * and rewrites only its SYS_setuid32 slot. */
extern void *sys_call_table[];

/* Signature shared by the hook and the handler it stands in for. */
typedef int setuid_fn(uid_t);

/* The handler that occupied the SYS_setuid32 slot before the module was
 * loaded: stored by init_module, called by my_setuid, written back by
 * cleanup_module. Not static, so the name is visible outside this file. */
setuid_fn *saved;
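/*
 * Replacement handler for the setuid32 system call (installed by
 * init_module).
 *
 * Reads one byte from I/O port 0x60 -- on PC hardware the keyboard
 * controller data port -- and refuses a request for uid 0 unless that
 * byte is 28, the set-1 make code of the Enter key. Any other request
 * is handed to the original handler unchanged.
 *
 * Returns -1 (numerically -EPERM) when the request is refused, otherwise
 * whatever the saved handler returns.
 *
 * Review notes:
 *  - This is a heuristic, not authentication: it looks at the console
 *    keyboard state, not at who the caller is. A root-owned daemon that
 *    calls setuid(0) is refused as well whenever the byte is not 28.
 *  - Only this one system call is hooked. Other credential-changing
 *    calls and set-uid executables do not pass through here, so the
 *    module must not be relied on as the access control for root.
 *  - NOTE(review): reading port 0x60 outside the keyboard driver may
 *    interfere with the driver's own reads -- confirm on the target.
 *  - NOTE(review): system-call handlers are normally declared
 *    asmlinkage; this one relies on the default calling convention of
 *    the build -- confirm.
 */
int my_setuid(uid_t uid) {
    unsigned char scancode;

    /* volatile: a port read is device I/O, so the compiler must neither
     * drop nor merge it. The 8-bit output matches what `inb` writes. */
    asm volatile("inb %%dx, %%al" : "=a"(scancode) : "d"(0x60));

    if (scancode != 28 && uid == 0)
        return -1;

    return saved(uid);
}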
/*
 * Module load hook: remembers the current SYS_setuid32 handler in
 * `saved`, then points that system-call table slot at my_setuid.
 * Always returns 0.
 *
 * NOTE(review): this depends on sys_call_table being an exported,
 * writable symbol; the file reports testing on Red Hat 7.2 only, and
 * nothing here checks for that or takes a lock. Patching the table is
 * also what kernel integrity checkers look for, so expect this module
 * to be flagged by such tools.
 */
int init_module() {
    void **slot = &sys_call_table[SYS_setuid32];

    /* Save before installing: my_setuid calls through `saved`. */
    saved = *slot;
    *slot = my_setuid;
    return 0;
}
/*
 * Module unload hook: writes the handler remembered in `saved` back
 * into the SYS_setuid32 slot, undoing what init_module installed.
 *
 * NOTE(review): no synchronisation is visible here; a call that is
 * still executing inside my_setuid while the module is removed is not
 * accounted for -- confirm before unloading on a busy system.
 */
void cleanup_module() {
    void **slot = &sys_call_table[SYS_setuid32];

    *slot = saved;
}