eBPF安全双刃剑:从内核防御到隐蔽Rootkit的攻防全解析
eBPF正在重塑Linux安全格局。本文深入分析eBPF作为防御工具和攻击武器的双重角色,详解BPFDoor、LinkPro rootkit威胁,提供内核参数加固、LSM访问控制等全面防御策略与实战配置指南。
Mateusz spent eight years on the Red Hat consulting bench before going independent in 2024, embedded with banks and telcos rolling out RHEL 8 and 9 across regulated estates. Most of that work was SELinux policy debugging, FIPS-mode enablement, and cleaning up the kind of sudoers files that grow organically over a decade. He holds OSCP and RHCE, and maintains a small set of Ansible roles for STIG-hardened RHEL builds that a few European credit unions now run in production. Before Red Hat he was a junior sysadmin at Allegro in Poznan, mostly babysitting Postfix and learning why you don't run updatedb on an NFS root. Mateusz writes about the boring half of Linux security: package signing, audit daemon tuning, and the unglamorous work of actually reading journalctl output before paging anyone.
eBPF正在重塑Linux安全格局。本文深入分析eBPF作为防御工具和攻击武器的双重角色,详解BPFDoor、LinkPro rootkit威胁,提供内核参数加固、LSM访问控制等全面防御策略与实战配置指南。