# Kernel Modules

## What is it

In Linux, the kernel controls literally everything. It sits between the user applications you see and the hardware that runs everything, such as the CPU, memory, and hard drive.

Kernel modules are drivers and extensions that can be loaded into the Linux kernel on demand, without a reboot. Because they run with the kernel's absolute power, a malicious module loaded by an attacker acts as a **rootkit**, giving them absolute, stealthy control of the entire system.

## Versions matter

We all know the command `uname -a`: it tells you the kernel version, when it was built, and the architecture, such as x86_64.

There is an alternative: the `/proc/version` file will tell you pretty much the same thing.

```bash
$ cat /proc/version
Linux version 5.15.0-78-generic
(buildd@lcy02-amd64-020) (gcc (Ubuntu 11.3.0-1ubuntu1~22.04.1) 11.3.0, GNU ld (GNU Binutils for Ubuntu) 2.38) #85~22.04.1-Ubuntu SMP Mon Jul 10 09:42:39 UTC 2023
```

## Kernel tuning

Kernel parameters are tuned with `sysctl`. This command is so powerful that a single mistake can crash the whole system, so make sure you know what you are doing.

To make any changes **permanent**, you have to edit the configuration file for `sysctl` directly at `/etc/sysctl.conf`.

We can take a look at the current values:

```bash
$ sysctl -a | less
dev.cdrom.autoclose = 1
dev.cdrom.autoeject = 0
dev.cdrom.check_media = 0
dev.cdrom.debug = 0
~~
```

To change a value, use `sysctl -w <parameter>=<0/1>`. Let’s say I want to enable IP forwarding:

```bash
$ sudo sysctl -w net.ipv4.ip_forward=1 # writing kernel parameters requires root
```

To make it permanent, you just need to delete the comment marker (`#`) in front of the line in `/etc/sysctl.conf` and save the file:

```bash
$ sudo subl /etc/sysctl.conf
~~
#net.ipv4.ip_forward=1
~~
```

## Modules management

To manage modules we will use `insmod` and `modprobe`.

The `insmod` suite comes with several commands, such as `lsmod`, `rmmod` and `modinfo`.

<table><thead><tr><th width="174">Feature</th><th width="256">lsmod</th><th>modprobe</th></tr></thead><tbody><tr><td><strong>Primary Purpose</strong></td><td>List currently loaded modules</td><td>Load or unload modules</td></tr><tr><td><strong>Data Source</strong></td><td>Reads /proc/modules</td><td>Reads module files in /lib/modules/…</td></tr><tr><td><strong>What it Lists</strong></td><td>Only the modules currently in memory</td><td>Reads module files in /lib/modules/..</td></tr></tbody></table>

```bash
$ lsmod # List loaded modules
$ modinfo <module> # Show information about a given module
```

```bash
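$ lsmod | wc -l # Count loaded modules (the count includes lsmod's header line)
29

$ modprobe -l | wc -l # Count ALL available modules (-l is a legacy option; kmod-based modprobe no longer accepts it)
4152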
```
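
Since `lsmod` reads `/proc/modules`, that file can also be audited directly for modules that did not come from the distribution's signed kernel tree. The following is an added example, not part of the original notes: a POSIX shell function that flags modules carrying the taint flags out-of-tree, unsigned, force-loaded or proprietary. The function names and the sample module list are constructed for illustration.

```bash
#!/bin/sh
# Added example: list loaded modules whose taint flags deserve a second look.
# /proc/modules fields: name size refcount dependencies state address [(flags)]

# audit_modules [FILE]: reads FILE, or standard input when no FILE is given.
audit_modules() {
    awk '
        NF >= 7 {                       # 7th field is optional, e.g. (OE)
            flags = $7
            gsub(/[()]/, "", flags)
            why = ""
            if (index(flags, "O")) why = why " out-of-tree"
            if (index(flags, "E")) why = why " unsigned"
            if (index(flags, "F")) why = why " force-loaded"
            if (index(flags, "P")) why = why " proprietary"
            if (why != "") printf "%s [%s]%s\n", $1, flags, why
        }
    ' "$@"
}

# Constructed sample in /proc/modules format (not captured from a real host).
sample_modules() {
    cat <<'EOF'
nf_tables 249856 0 - Live 0x0000000000000000
e1000 151552 0 - Live 0x0000000000000000
vboxdrv 536576 2 vboxnetadp,vboxnetflt, Live 0x0000000000000000 (OE)
example_mod 16384 0 - Live 0x0000000000000000 (E)
EOF
}

# Demo on the sample; on a real host run: audit_modules /proc/modules
sample_modules | audit_modules
```

A module that has removed itself from the kernel's module list does not appear in `/proc/modules` at all, so an empty result only covers modules that are still listed.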

### Adding and removing modules

Because of dependency issues within the `insmod` suite, on modern Linux we simply use `modprobe` to add and remove modules; it can do nearly everything `insmod` can.

Use the `-a` flag to add and `-r` to remove:

```bash
$ sudo modprobe -a <module_name> # loading a module requires root
$ sudo modprobe -r <module_name> # so does removing one
```

