The Linux Kernel Runtime Guard is a free and Open Source project distributed primarily in source code form. You can download it and prepare custom build by yourself.
LKRG protects system by comparing hashes which are calculated from the most important kernel region / sections / structures with the internal database hashes. Additionally, special efforts have been made to individually protect all extensions of the kernel (modules). To make the project fully functional, the module should be initially loaded on a clean system – e.g. directly after installation or after booting clean system. At this moment it is possible to create a trusted database of hashes.
There are two main ideas behind the Linux Kernel Runtime Guard (LKRG):
- Prevent unsupported modifications of the Linux kernel – it forces “rules” which need to be followed to develop extensions/extra functionalities for the Linux Operating System. These “rules” are an official Linux <abbr>API</abbr> which must be consumed to provide specific functionality instead of relying on unsupported modifications of running kernel (patching). Patching the kernel has direct impact on the security, system stability and performance. This project was never designed to be a perfect solution (it can be bypassed) and the weaknesses are known but the correct usage may significantly improve security, system stability and performance of the entire <abbr>OS</abbr> / platform.
- [Beta version] Given that LKRG correctly prevents unauthorized modifications, we implemented beta version of Exploit Detection feature with the goal of being able to detect kernel exploitation process.
Currently, we maintain two versions of the LKRG project:
- p_lkrg-main - light version of the LKRG project.
- p_lkrg-experimental - Experimental version of the LKRG project which fully includes “Protected Features”. This version is more functional but it has some side effects (if tou are interested in experimental branch please read ”Protected Features” page)
More information about the project and full documentation can be found here: