git clone https://github.com/krobicon/ksenz git pull
cd ~/ksenz
chmod +x service-build.sh
./service-build.sh
cd ~/ksenz/bin
./service-install.sh
./service-uninstall.sh
This guide is written for Ubuntu. For other Linux flavors, adapt commands where needed.
We'll ensure that the root user can login.
- Configure your
rootuser password:
sudo passwd
See this page for more information on the root user.
We'll ensure that non-root users are unable to see the project-ksenz service.
- Switch to the
rootuser:
su
- Install dependencies:
apt install -y vim
- Open
/etc/fstabwith vim:
vim /etc/fstab
- Add the following line:
proc /proc proc defaults,nosuid,nodev,noexec,relatime,hidepid=1 0 0
- Reboot your system:
reboot
- Check that your non-root user cannot see root processes:
ps aux
See this page for more information on process isolation.
We'll ensure that non-root users cannot use ptrace capabilities.
- Switch to the
rootuser:
su
- Open
/etc/sysctl.d/10-ptrace.confwith vim:
vim /etc/sysctl.d/10-ptrace.conf
- Change the
kernel.yama.ptrace_scopevalue to2:
kernel.yama.ptrace_scope = 2
- Reboot your system:
reboot
- Check that the
ptrace_scopeis set to2:
sysctl kernel.yama.ptrace_scope
See this page for more information on process tracing.
We'll ensure that project-ksenz can be compiled with .NET.
- Switch to the
rootuser:
su
- Add the Microsoft package repositories:
- See https://docs.microsoft.com/en-us/dotnet/core/install/linux.
- Be sure to carefully follow instructions for your Linux flavor.
- Install .NET 6.0:
apt update && apt install -y dotnet-sdk-6.0
We'll build project-ksenz, so we can register it as a service:
- Switch to
rootuser:
su
- Open the
/rootdirectory:
cd ~
- Install dependencies:
apt install -y git