Getting the OSSI for Linux
VM Requirements
-
Supported OS: Linux 64-bit, versions 4.1 to 4.14.9 included
This range of kernel versions translates to the following versions of common distributions:- Fedora up to 27 (kernel version 4.13)
- CentOS up to version 7 (kernel version 3.10)
- OpenSUSE up to 15.0 (kernel version 4.12)
- Debian up to 9 (kernel version 4.9)
- Ubuntu up to 17.10 (kernel version 4.13)
- NixOS up to 18.09 (kernel version 4.14)
Each distribution may have its specific set of patches that can hinder the OSSI retrieval. Feel free to contact support if you cannot get OSSI when using a distribution from the list above.
-
PTI and KASLR protections: disabled.
-
The kernel headers installed in the VM.
Disabling KASLR and PTI
You need to add the nopti and nokaslr options to your kernel command line.
On most systems, the following procedure should work almost as-is:
- Edit the file
/etc/default/grub. - Find the variable
GRUB_CMDLINE_LINUX_DEFAULT. - Add the
noptiandnokaslroptions, making the line look like this:GRUB_CMDLINE_LINUX_DEFAULT="[...] nopti nokaslr" - Regenerate your grub configuration:
update-grubfor Debian
grub2-mkconfig -o /etc/grub2.cfgfor CentOS
other distributions should work in a similar way. - Reboot.
- Verify that you have the options present in
/proc/cmdline.
Installing the kernel headers
For Debian-like distributions, this should be done with a command similar to
this one:
sudo apt install linux-headers-$(uname -r)
For RedHat-based distributions, the command is more like the following:
sudo dnf install kernel-devel kernel-headers
Obtaining OSSI for a scenario
This should be as simple as:
- Preparing the snapshot you want to use for the record.
- Recording your scenario.
- Checking the "OSSI" option at the replay step.
However, depending on the distribution you are recording, the generation of the
kernel_description.json resource may fail. In that case, contact the support
to get help in the process of generating it manually.