Getting the OSSI for Linux
VM Requirements
- PTI and KASLR protections: disabled.
- The kernel headers installed in the VM.
- Compatible kernels: Linux 64-bit, versions 4.1 to 4.14.9 included
- Tested distributions:
  - Fedora 27 (kernel version 4.13)
  - OpenSUSE 15.1 (kernel version 4.12.14)
  - Debian 9 (kernel version 4.9)
  - Ubuntu 16.04 (kernel version 4.13)
- Other untested distributions in the compatibility range:
  - OpenSUSE 15.0 (kernel version 4.12)
  - Ubuntu 17.10 (kernel version 4.13)
  - NixOS up to 18.09 (kernel version 4.14)
  - ...
Each distribution may carry its own set of kernel patches, which can hinder OSSI retrieval. Feel free to contact support if you cannot get OSSI when using a distribution from the list above.
Disabling KASLR and PTI
You need to add the nopti and nokaslr options to your kernel command line.
On most systems, the following procedure should work almost as-is:
- Edit the file /etc/default/grub.
- Find the variable GRUB_CMDLINE_LINUX_DEFAULT.
- Add the nopti and nokaslr options, making the line look like this:
  GRUB_CMDLINE_LINUX_DEFAULT="[...] nopti nokaslr"
- Regenerate your grub configuration:
  - update-grub for Debian
  - grub2-mkconfig -o /etc/grub2.cfg for CentOS
  - other distributions should work in a similar way.
- Reboot.
- Verify that you have the options present in /proc/cmdline.
Installing the kernel headers
For Debian-like distributions, this should be done with a command similar to this one:
sudo apt install linux-headers-$(uname -r)
For RedHat-based distributions, the command is more like the following:
sudo dnf install kernel-devel kernel-headers
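A pre-flight check for the requirements above, as an added example that is not part of the original documentation: it tests the boot options in a kernel command line, the 4.1 to 4.14.9 version range, and the presence of kernel headers. It assumes headers are reachable through /lib/modules/<release>/build; the function names are illustrative.

```shell
#!/bin/sh
# Added example: pre-flight check of the VM requirements listed on this page.
# Function names are illustrative and not part of any product tooling.

# Succeeds only if both nopti and nokaslr appear as whole kernel parameters.
has_boot_options() {
    case " $1 " in *" nopti "*) ;; *) return 1 ;; esac
    case " $1 " in *" nokaslr "*) ;; *) return 1 ;; esac
}

# Succeeds if the release string (as printed by uname -r) is 4.1 to 4.14.9.
kernel_in_range() {
    ver=${1%%[!0-9.]*}                 # drop suffixes such as "-46-generic"
    old_ifs=$IFS; IFS=.; set -- $ver; IFS=$old_ifs
    major=${1:-0}; minor=${2:-0}; patch=${3:-0}
    [ "$major" -eq 4 ] || return 1
    [ "$minor" -ge 1 ] && [ "$minor" -le 14 ] || return 1
    [ "$minor" -lt 14 ] || [ "$patch" -le 9 ]
}

# Assumption: installed headers are reachable through the conventional
# /lib/modules/<release>/build link (a dangling link counts as missing).
headers_present() {
    [ -d "/lib/modules/$1/build" ]
}

# Print one line per requirement for the running system.
preflight() {
    release=$(uname -r)
    cmdline=$(cat /proc/cmdline 2>/dev/null || true)
    if has_boot_options "$cmdline"; then
        echo "boot options  : OK (nopti and nokaslr present)"
    else
        echo "boot options  : MISSING nopti and/or nokaslr in /proc/cmdline"
    fi
    if kernel_in_range "$release"; then
        echo "kernel version: OK ($release)"
    else
        echo "kernel version: $release is outside 4.1 to 4.14.9"
    fi
    if headers_present "$release"; then
        echo "kernel headers: OK"
    else
        echo "kernel headers: not found for $release"
    fi
}

preflight
```

Run it inside the VM after the reboot step; every line should read OK before you prepare the snapshot.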
Obtaining OSSI for a scenario
This should be as simple as:
- Preparing the snapshot you want to use for the record.
- Recording your scenario.
- Checking the "OSSI" option at the replay step.
However, depending on the distribution you are recording, the generation of the kernel_description.json resource may fail. In that case, contact support to get help generating it manually.
Maximizing the symbol coverage
By default, symbols are searched within the binaries executed in a scenario. These production binaries usually contain very few symbols.
If debug versions of these binaries, with more symbols, are available on the VM, it is possible to complete the Light Filesystem resource with this information. It can be done manually or using a script.