This year I gave a talk at the Easterhegg 2019 about a Linux kernel rootkit that can handle containers. I mainly presented my Bachelor's work from 2017 with some improvements.
In kernel programming we should avoid calling call_usermodehelper(), which executes a user-space command from kernel space. Sometimes we even want to call this function from within a system call. Normally we really don't want to do this, but desperate times require extraordinary methods.
When I first tried to execute call_usermodehelper() within a system call I got a kernel failure. So I googled, and what I found was:
Perf is a profiler tool for Linux 2.6+ based systems that abstracts away CPU hardware differences in Linux performance measurements and presents a simple command-line interface. Perf is based on the perf_events interface exported by recent versions of the Linux kernel. This article demonstrates the perf tool through example runs.
If you want to list the last shutdowns of a server, just type:
# last -x shutdown
shutdown system down 3.16.0-4-amd64 Sun Dec 20 22:14 - 08:28 (10:14)
shutdown system down 3.16.0-4-amd64 Sat Dec 19 15:26 - 10:41 (19:15)
shutdown system down 3.16.0-4-amd64 Sat Dec 19 14:35 - 15:24 (00:48)
shutdown system down 3.16.0-4-amd64 Fri Dec 18 18:04 - 09:46 (15:42)
shutdown system down 3.16.0-4-amd64 Fri Dec 18 10:01 - 15:46 (05:44)
If you have a hard disk, you can boost its performance using an SSD cache. The Linux kernel ships a feature called bcache. Check out the kernel documentation for it.
Sometimes kernel panics happen. It's awful, and nobody wants them, but sh** happens. Sometimes it's because of a hardware problem, sometimes it's just a software problem. Mostly the system hangs then and administrators have to reboot it. But it is possible to tell Linux to reboot automatically when a kernel panic happens...