Is there a way to find out if and in case which linux security LSM (apparmor, selinux, grsecurity) is used by the kernel?
To be more specific let's assume I am a legimate root user of the machine?
If information available also it would be nice to furthermore know:
With regard to the question, is there a difference with considering the machine being (a) a local computer, (b) a dedicated server and (c) a virtual server "vServer"
update
I know that I could for instance install the user-space stuff
(on a debian for instance apt-get install apparmor
) and check if it yields
results related to the specific LSM. So I could do for apparmor
sudo apparmor_status
which would then for instance yield:
apparmor module is not loaded.
which helps me rule out that option. Yet I was looking for a more general approach covering most/all LSM.
update2
I have discovered the path /sys/kernel/security
. Maybe this is helpful finding an answer?
Best Answer
Yes you can check
/sys/kernel/security
what's available.See also dmesg or
/proc/cmdline
for boot settings.If your
config.gz
available thenelse