TNS
SUBSCRIBE
Join our community of software engineering leaders and aspirational developers. Always stay in-the-know by getting the most important news and exclusive content delivered fresh to your inbox to learn more about at-scale software development.
REQUIRED
 
It seems that you've previously unsubscribed from our newsletter in the past. Click the button below to open the re-subscribe form in a new tab. When you're done, simply close that tab and continue with this form to complete your subscription.
Welcome and thank you for joining The New Stack community!
Please answer a few simple questions to help us deliver the news and resources you are interested in.
REQUIRED
REQUIRED
REQUIRED
REQUIRED
REQUIRED
Great to meet you!
Tell us a bit about your job so we can cover the topics you find most relevant.
REQUIRED
REQUIRED
REQUIRED
REQUIRED
REQUIRED
 
Welcome!

We’re so glad you’re here. You can expect all the best TNS content to arrive Monday through Friday to keep you on top of the news and at the top of your game.

What’s next?

Check your inbox for a confirmation email where you can adjust your preferences and even join additional groups.

Become a TNS follower on LinkedIn.

Check out the latest featured and trending stories while you wait for your first TNS newsletter.

PREV
of
NEXT
VOXPOP
As a JavaScript developer, what non-React tools do you use most often?
Angular
0%
Astro
0%
Svelte
0%
Vue.js
0%
Other
0%
I only use React
0%
I don't use JavaScript
0%
 
NEW! Try Stackie AI
Cloud Native Ecosystem Containers Databases Edge Computing Infrastructure as Code Linux Microservices Open Source Networking Storage
Agentic development hinges on verification. For cloud-native software, that is a runtime problem.
Jun 11th 2026 10:00am, by Arjun Iyer
Vendor neutrality isn’t magic: A hard look at the OpenTelemetry ecosystem
May 29th 2026 10:00am, by Adriana Villela and Josh Lee
How Jaeger hit 8.6× compression on 10 million spans with ClickHouse
May 24th 2026 11:00am, by Mahad Zaryab
After becoming cloud computing’s telemetry standard, OpenTelemetry graduates into the AI infrastructure era
May 21st 2026 10:00am, by Paul Sawers
Why agent harnesses fail inside cloud-native systems
May 13th 2026 9:00am, by Arjun Iyer
AWS can now mathematically prove your VMs are isolated
Jun 10th 2026 12:46pm, by Frederic Lardinois
Microsoft wants to make service mesh invisible
Apr 8th 2026 1:11pm, by Frederic Lardinois
Edera spent years calling KVM less secure. Here's why it changed its mind.
Mar 25th 2026 2:22pm, by Steven J. Vaughan-Nichols
Minimus aims to solve one of open-source's long-festering problems
Mar 24th 2026 3:00am, by Adrian Bridgwater
How to deploy Pi-Hole with Docker and stop ads on every device on your LAN
Mar 23rd 2026 7:44am, by Jack Wallen
When your data model is the bottleneck: lessons from Medium’s feature store
Jun 9th 2026 10:40am, by Cynthia Dunlop
For years, Apache Cassandra handed this work to your team — 6.0 takes it back
Jun 8th 2026 10:00am, by Anil Inamdar
Autonomous agents have met their biggest challenge yet: The database.
Jun 4th 2026 2:53pm, by Chris J. Preimesberger
Why the need for humans won't disappear in the age of autonomous databases
Jun 4th 2026 1:18pm, by Chris J. Preimesberger
Asana says its new AI "chief of staff" turns your Slack chaos into trackable work
Jun 4th 2026 12:21pm, by Frederic Lardinois
Google Gemma 4 12B nearly matches 26B benchmarks — and runs on your laptop
Jun 4th 2026 3:30pm, by Meredith Shubel
How to get operational data off the factory floor without creating an IT breach
Jun 3rd 2026 3:55pm, by Alex Wilhelm
Edge-forward: Akamai eyes sweet spot between centralized & decentralized AI inference
Apr 1st 2026 7:00am, by Adrian Bridgwater
Developers are coding to a moving target, and nobody knows where AI lands next
Mar 3rd 2026 7:33am, by Adrian Bridgwater
Cloudflare’s new Markdown support shows how the web is evolving for AI agents
Mar 2nd 2026 4:30am, by David Eastman
Why Terraform is green when your cloud is broken
Apr 28th 2026 9:00am, by Joe Karlsson
The one Slack message that proved our elite engineering team was flying blind
Apr 26th 2026 11:00am, by Joe Karlsson
The operational gap is real, and it's getting wider
Mar 26th 2026 8:00am, by Yevgeny Pats
Why "automated" infrastructure might cost more than you think
Feb 24th 2026 4:00am, by Justyn Roberts
Why 40% of AI projects will be canceled by 2027 (and how to stay in the other 60%)
Feb 13th 2026 6:00am, by Alex Drag
Why Linux creator Linus Torvalds gets angry hearing "99% of code is AI"
May 29th 2026 10:34am, by B. Cameron Gain
Sparky Linux 9 brings a rolling release to Debian
Mar 30th 2026 8:00am, by Jack Wallen
Edera spent years calling KVM less secure. Here's why it changed its mind.
Mar 25th 2026 2:22pm, by Steven J. Vaughan-Nichols
Your Kubernetes isn't ready for AI workloads, and drift is the reason
Mar 25th 2026 8:43am, by TNS Staff
Linux kernel scale is swamping an already-flawed CVE system
Mar 20th 2026 4:30am, by Jed Salazar
Tetrate launches open source marketplace to simplify Envoy adoption
Mar 11th 2026 10:52am, by Adrian Bridgwater
OpenTelemetry roadmap: Sampling rates and collector improvements ahead
Feb 24th 2026 11:00am, by B. Cameron Gain
Merging To Test Is Killing Your Microservices Velocity
Dec 16th 2025 7:00am, by Arjun Iyer
IBM’s Confluent Acquisition Is About Event-Driven AI
Dec 11th 2025 6:00am, by Joab Jackson
Deploy Agentic AI Workflows With Kubernetes and Terraform
Nov 26th 2025 9:00am, by Oladimeji Sowole
Microsoft pulled 73 GitHub repos after malware attack — but still won’t say who’s compromised
Jun 10th 2026 12:40pm, by Meredith Shubel
Databricks wants to kill the "email me a file" problem for AI agent skills
Jun 10th 2026 10:00am, by Frederic Lardinois
For years, Apache Cassandra handed this work to your team — 6.0 takes it back
Jun 8th 2026 10:00am, by Anil Inamdar
Microsoft just made the agent runtime free — and kept everything around it
Jun 7th 2026 11:00am, by Janakiram MSV
Cloudflare aqui-hires VoidZero: Did a piece of the open web just stabilize, or become more brittle?
Jun 5th 2026 3:01pm, by Adrian Bridgwater
From system of record to system of control: How NetBox Labs is making network engineers “masters of intent.”
Apr 28th 2026 11:00am, by Doug Sillars
Beyond the VPN: Cloudflare Mesh builds a private network for the age of AI agents
Apr 14th 2026 11:04am, by Adrian Bridgwater
Model Flop Utilization is the metric Aria Networks says will define the AI infrastructure era
Apr 7th 2026 9:00am, by Adrian Bridgwater
How to deploy Pi-Hole with Docker and stop ads on every device on your LAN
Mar 23rd 2026 7:44am, by Jack Wallen
Why flat Kubernetes networks fail at scale
Mar 20th 2026 7:00am, by Reza Ramezanpour
Why Postgres wants NVMe on the hot path, and S3 everywhere else
Apr 17th 2026 9:00am, by Alasdair Brown
Scaling Btrfs to petabytes in production: a 74% cost reduction story
Mar 18th 2026 5:00am, by Motiejus Jakštys
What is KubeVirt and why it’s growing
Mar 17th 2026 9:00am, by Tiago Castro
S3 is the new network: Rethinking data architecture for the cloud era
Feb 2nd 2026 4:00am, by Max Liu
Agoda’s secret to 50x scale: Getting the database basics right
Jan 28th 2026 7:00am, by Cynthia Dunlop
AI AI Engineering API Management Backend development Data Frontend Development Large Language Models Security Software Development WebAssembly
"Don't just grab random stuff off the internet": What Chainguard found in 52,000 open-source packages
Jun 11th 2026 4:38pm, by
"AI is disrupting everything": Where do entry-level tech jobs go now?
Jun 11th 2026 2:34pm, by
AI agents need infrastructure: Why Europe’s regional cloud strategy matters
Jun 11th 2026 10:00am, by
Ramp bets forward deployed engineers can do what off-the-shelf finance AI can't
Jun 10th 2026 9:00am, by
Anthropic launches Claude Mythos/Fable 5, but you better try it soon
Jun 9th 2026 3:30pm, by
"AI is disrupting everything": Where do entry-level tech jobs go now?
Jun 11th 2026 2:34pm, by
Beyond the stack trace: why AI requires a new debugging paradigm
Jun 11th 2026 1:00pm, by
How to delegate 40% of tickets to AI
Jun 11th 2026 10:30am, by
Agentic development hinges on verification. For cloud-native software, that is a runtime problem.
Jun 11th 2026 10:00am, by
Transform your AI coding agent into a deterministic Java Spring expert
Jun 11th 2026 9:00am, by
Anthropic's $300M Stainless deal lands hardest on OpenAI and Google
May 23rd 2026 10:00am, by
The API portal is the clearest signal of whether your company can handle AI agents
May 12th 2026 1:23pm, by
AI teams are spending months on web scrapers that SerpApi replaces with one API call
May 12th 2026 10:00am, by
Why JSON Schema matters more than ever in the age of generative AI
Apr 28th 2026 1:00pm, by
SmartBear's Swagger update targets the API drift problem AI coding tools created
Apr 19th 2026 10:00am, by
Why PHP performance keeps getting bumped from the roadmap
May 6th 2026 10:00am, by
Why Postgres wants NVMe on the hot path, and S3 everywhere else
Apr 17th 2026 9:00am, by
Expo bets big on React Native’s agentic future
Apr 16th 2026 11:37am, by
From clobbered drafts to real-time sync
Apr 14th 2026 10:00am, by
Moving beyond the “magic scaling sauce” myth
Apr 2nd 2026 9:30am, by
"The manual model breaks": What happens when agents write to production data
Jun 11th 2026 1:35pm, by
Databricks wants to kill the "email me a file" problem for AI agent skills
Jun 10th 2026 10:00am, by
When your data model is the bottleneck: lessons from Medium’s feature store
Jun 9th 2026 10:40am, by
For years, Apache Cassandra handed this work to your team — 6.0 takes it back
Jun 8th 2026 10:00am, by
Rayfin: Microsoft's answer to the gap between vibe coding and enterprise production
Jun 2nd 2026 3:46pm, by
Google wants to make the web agent-ready
May 19th 2026 1:45pm, by
Expo bets big on React Native’s agentic future
Apr 16th 2026 11:37am, by
Digital Experience Monitoring belongs in the modern developer workflow
Apr 3rd 2026 10:00am, by
WebMCP turns any Chrome web page into an MCP server for AI agents
Mar 17th 2026 11:50am, by
Confluent adds A2A support, anomaly detection, and Queues for Kafka in major platform update
Mar 3rd 2026 10:21am, by
Cleaner AI training data, fewer bugs: Sonar's SonarSweep explained
Jun 11th 2026 8:00am, by
Google's DiffusionGemma is 4x faster than its other Gemma models
Jun 10th 2026 1:18pm, by
Fable 5: Guardrails and burn rate are annoying users, who say it's still better than Opus 4.8
Jun 10th 2026 1:11pm, by
Why Anthropic just doubled Claude Cowork limits at no charge
Jun 8th 2026 1:35pm, by
Google Gemma 4 12B nearly matches 26B benchmarks — and runs on your laptop
Jun 4th 2026 3:30pm, by
"Don't just grab random stuff off the internet": What Chainguard found in 52,000 open-source packages
Jun 11th 2026 4:38pm, by
Cleaner AI training data, fewer bugs: Sonar's SonarSweep explained
Jun 11th 2026 8:00am, by
Microsoft pulled 73 GitHub repos after malware attack — but still won’t say who’s compromised
Jun 10th 2026 12:40pm, by
Spring is 23 years old. AI just made it a security emergency.
Jun 9th 2026 2:48pm, by
"A dangerous combination": The 2 factors that can "corrupt" AI agent workflows
Jun 8th 2026 9:00am, by
"AI is disrupting everything": Where do entry-level tech jobs go now?
Jun 11th 2026 2:34pm, by
Beyond the stack trace: why AI requires a new debugging paradigm
Jun 11th 2026 1:00pm, by
How to delegate 40% of tickets to AI
Jun 11th 2026 10:30am, by
WeAreDevelopers is coming to the US to give unsung developers a bigger voice
Jun 11th 2026 8:42am, by
How long before we stop reading the code?
Jun 9th 2026 9:00am, by
Edge-forward: Akamai eyes sweet spot between centralized & decentralized AI inference
Apr 1st 2026 7:00am, by
WebAssembly is now outperforming containers at the edge
Mar 29th 2026 9:00am, by
WebAssembly could solve AI agents' most dangerous security gap
Mar 24th 2026 9:01am, by
How WebAssembly plugins simplify Kubernetes extensibility
Mar 3rd 2026 2:00pm, by
WebAssembly is everywhere. Here's how it works
Feb 25th 2026 11:00am, by
AI Operations CI/CD Cloud Services DevOps Kubernetes Observability Operations Platform Engineering
Observability overload is drowning engineers
Jun 10th 2026 1:27pm, by Alex Wilhelm
The tokenmaxxing party is over, and Revenium is mopping up
Jun 9th 2026 6:00am, by Chris J. Preimesberger
Why Anthropic just doubled Claude Cowork limits at no charge
Jun 8th 2026 1:35pm, by Adrian Bridgwater
From Jupyter Notebook to production: How to ship AI systems that actually work
Jun 6th 2026 7:00am, by Zziwa Raymond Ian
Why agentic AI makes the ops platform the most important layer in the enterprise
Jun 4th 2026 2:35pm, by TNS Staff
AI teams now deploy 1,000 times a month. Your pipeline wasn't built for that.
Jun 7th 2026 12:30pm, by Paul Stovell
GitLab 19.0 trades its string section for a full DevSecOps orchestra
May 25th 2026 12:00pm, by Adrian Bridgwater
CI wasn't built for coding agents. Here's what comes next.
May 21st 2026 10:30am, by Anirudh Ramanathan
As agentic dev tools boom, workflow auditability becomes the constraint
May 12th 2026 8:00am, by Brian Wald
The agent code explosion is here. We need to rethink our pipelines, fast.
May 4th 2026 10:00am, by Arjun Iyer
AI agents need infrastructure: Why Europe’s regional cloud strategy matters
Jun 11th 2026 10:00am, by Kevin Cochrane
Why CPUs still matter in the age of AI agents
Jun 3rd 2026 2:54pm, by Frederic Lardinois
Why AWS scrapped OpenSearch's architecture to chase agent workloads
May 28th 2026 2:30pm, by Frederic Lardinois
AI agents need to spend money — Stripe and iWallet are building the rails
May 5th 2026 7:43am, by John Biggs
AWS lands OpenAI on Bedrock, but Trainium is the real story
Apr 29th 2026 10:54am, by Janakiram MSV
From Jupyter Notebook to production: How to ship AI systems that actually work
Jun 6th 2026 7:00am, by Zziwa Raymond Ian
The DIY platform trap that's burning out engineering teams
May 31st 2026 11:00am, by Darin Zook
GitLab 19.0 trades its string section for a full DevSecOps orchestra
May 25th 2026 12:00pm, by Adrian Bridgwater
How MCP and synthetic data are reshaping compliance in the agentic era
May 23rd 2026 9:00am, by Brian Muskoff
"Morally repugnant shortsightedness": Why open source security leaders say companies must stop freeloading on maintainers
May 21st 2026 10:00am, by Adrian Bridgwater
Why the need for humans won't disappear in the age of autonomous databases
Jun 4th 2026 1:18pm, by Chris J. Preimesberger
How to secure Kubernetes in the age of AI workloads
Jun 4th 2026 12:45pm, by Mary Branscombe
Cloud native application challenges: installing the walking skeleton
May 13th 2026 9:00am, by Manning Book Authors
Why Prometheus couldn't see Cilium metrics at 2 a.m.
May 10th 2026 10:00am, by Rishi Mondal
How Microsoft is governing thousands of Kubernetes clusters without manual intervention
May 7th 2026 6:07pm, by Adrian Bridgwater
Observability overload is drowning engineers
Jun 10th 2026 1:27pm, by Alex Wilhelm
The tokenmaxxing party is over, and Revenium is mopping up
Jun 9th 2026 6:00am, by Chris J. Preimesberger
Vendor neutrality isn’t magic: A hard look at the OpenTelemetry ecosystem
May 29th 2026 10:00am, by Adriana Villela and Josh Lee
Debugging the undebuggable: building observability into probabilistic AI systems
May 28th 2026 7:00am, by Oladimeji Sowole
Taming the agentic influx: a blueprint for AI business observability
May 26th 2026 8:00am, by Charles Humble
The reason enterprise outages almost never start where ops teams think
May 26th 2026 9:43am, by Jennifer Riggins
I buried 20 problems in a fake P&L to see if Claude for Small Business could find them
May 22nd 2026 9:00am, by Jessica Wachtel
OpenAI brings Codex to the ChatGPT mobile app
May 14th 2026 4:13pm, by Frederic Lardinois
GitLab is betting a 19th-century economic theory will shape its AI era
May 14th 2026 1:21pm, by Paul Sawers
The new FinOps problem isn't cloud bills
May 12th 2026 7:24pm, by Frederic Lardinois
Git real: AI agents aren't just for solo developers anymore
Jun 9th 2026 3:58pm, by Janakiram MSV
Netlify CTO Dana Lawson: Writing code is no longer the job
Jun 6th 2026 10:00am, by Jennifer Riggins
Why agentic AI makes the ops platform the most important layer in the enterprise
Jun 4th 2026 2:35pm, by TNS Staff
The DIY platform trap that's burning out engineering teams
May 31st 2026 11:00am, by Darin Zook
The fix for soaring AI cloud bills exists — so why won't we trust it?
May 29th 2026 9:00am, by Jennifer Riggins
C++ Developer tools Go Java JavaScript Programming Languages Python Rust TypeScript
Open source USearch library jumpstarts ScyllaDB vector search
Feb 5th 2026 12:00pm, by Jelani Harper
AWS WAF vs. Google Cloud Armor: A Multicloud Security Showdown
Nov 25th 2025 10:00am, by Advait Patel
Goodbye Dashboards: Agents Deliver Answers, Not Just Reports
Nov 23rd 2025 9:00am, by Ketan Karkhanis
Rust vs. C++: a Modern Take on Performance and Safety
Oct 22nd 2025 2:00pm, by Zziwa Raymond Ian
Building a Real-Time System Monitor in Rust Terminal
Oct 15th 2025 7:05am, by Tinega Onchari
Beyond the stack trace: why AI requires a new debugging paradigm
Jun 11th 2026 1:00pm, by Zziwa Raymond Ian
The Anthropic leader who built Claude Code says he ditched prompting — now he just writes loops.
Jun 10th 2026 1:01pm, by Janakiram MSV
How long before we stop reading the code?
Jun 9th 2026 9:00am, by Ankit Jain
Claude Code's biggest upgrade yet ran 5 agents at once — here's what happened
Jun 8th 2026 3:01pm, by Jessica Wachtel
With Foundry, Microsoft bets the enterprise AI battle is about reliability, not capability
Jun 8th 2026 8:00am, by Darryl K. Taft
Go Experts: 'I Don't Want to Maintain AI-Generated Code'
Sep 28th 2025 6:00am, by David Cassel
How To Run Kubernetes Commands in Go: Steps and Best Practices 
Jun 27th 2025 8:00am, by Sunny Yadav
Prepare Your Mac for Go Development
Apr 12th 2025 7:00am, by Damon M. Garn
Pagoda: A Web Development Starter Kit for Go Programmers
Mar 19th 2025 6:10am, by Loraine Lawson
Microsoft TypeScript Devs Explain Why They Chose Go Over Rust, C#
Mar 18th 2025 7:00am, by David Cassel
Transform your AI coding agent into a deterministic Java Spring expert
Jun 11th 2026 9:00am, by Raquel Pau
Spring is 23 years old. AI just made it a security emergency.
Jun 9th 2026 2:48pm, by Darryl K. Taft
In the AI age, Java is more relevant than ever
Apr 8th 2026 5:30pm, by Mary Branscombe
Java 26 lands without an LTS badge. Here's why developers should care anyway.
Mar 18th 2026 9:35am, by Darryl K. Taft
62% of enterprises now use Java to power AI apps
Feb 10th 2026 12:58pm, by Darryl K. Taft
Cloudflare aqui-hires VoidZero: Did a piece of the open web just stabilize, or become more brittle?
Jun 5th 2026 3:01pm, by Adrian Bridgwater
"Real maturity problems": Not every developer is thrilled with Bun after Anthropic acquisition
May 5th 2026 1:03pm, by Adrian Bridgwater
TypeScript 6.0 RC arrives as a bridge to a faster future
Mar 14th 2026 9:00am, by Darryl K. Taft
WebAssembly is everywhere. Here's how it works
Feb 25th 2026 11:00am, by Jessica Wachtel
Wasm vs. JavaScript: Who wins at a million rows?
Feb 22nd 2026 6:00am, by Jessica Wachtel
Who will maintain the web when PHP's veterans retire?
Apr 16th 2026 2:53pm, by Darryl K. Taft
Will AI force code to evolve or make it extinct?
Mar 22nd 2026 6:00am, by David Cassel
Java 26 lands without an LTS badge. Here's why developers should care anyway.
Mar 18th 2026 9:35am, by Darryl K. Taft
TypeScript 6.0 RC arrives as a bridge to a faster future
Mar 14th 2026 9:00am, by Darryl K. Taft
Nearly half of all companies now use Rust in production, survey finds
Mar 6th 2026 10:45am, by Darryl K. Taft
How to build an AI-powered private document search app with RAG, ChromaDB, and memory
Apr 10th 2026 12:00pm, by Teri Eyenike
In the AI age, Java is more relevant than ever
Apr 8th 2026 5:30pm, by Mary Branscombe
OpenAI acquires Astral to bring open source Python developer tools to Codex — but details are still fuzzy
Mar 20th 2026 7:33am, by Meredith Shubel
Python virtual environments: isolation without the chaos
Feb 16th 2026 7:00am, by Jessica Wachtel
Statistical language R is making a comeback against Python
Feb 12th 2026 2:57pm, by Darryl K. Taft
The Rust sidecar pattern that fixes Python AI's biggest weakness
May 14th 2026 9:00am, by Boris Chabeda
Nearly half of all companies now use Rust in production, survey finds
Mar 6th 2026 10:45am, by Darryl K. Taft
Wasm vs. JavaScript: Who wins at a million rows?
Feb 22nd 2026 6:00am, by Jessica Wachtel
Open source USearch library jumpstarts ScyllaDB vector search
Feb 5th 2026 12:00pm, by Jelani Harper
The 'weird' things that happened when Clickhouse replaced C++ with Rust
Feb 4th 2026 7:26am, by B. Cameron Gain
From clobbered drafts to real-time sync
Apr 14th 2026 10:00am, by David Moore
TypeScript 6.0 RC arrives as a bridge to a faster future
Mar 14th 2026 9:00am, by Darryl K. Taft
Mastra empowers web devs to build AI agents in TypeScript
Jan 28th 2026 11:00am, by Loraine Lawson
Inferno Vet Creates Frontend Framework Built With AI in Mind
Dec 10th 2025 11:00am, by Loraine Lawson
JavaScript Utility Library Lodash Changing Governance Model
Nov 1st 2025 7:00am, by Loraine Lawson
Open Source / Operations / Security

What Do You Know about Your Linux System?

A look at the process to get insight into supported system calls and features and to assess how secure a system is and its runtime activity.
Apr 3rd, 2023 11:15am by
Featued image for: What Do You Know about Your Linux System?
Do you know that Linux kernel-supported system calls and features are architecture dependent? Do you know that Linux kernel supports several hardening configuration options to secure your system? Let’s take a look at the process to get insight into supported system calls and features and to assess how secure a system is and its runtime activity.

System State Visualization

The kernel system state can be viewed as a combination of static and dynamic features and modules. Let’s first define what static and runtime system states are, and then explore how we can visualize the static and runtime system parts of the kernel. Static System View comprises system calls, features, static and dynamic modules enabled in the kernel configuration. Runtime System View comprises system calls, `ioctls` invoked and subsystems used during the runtime. A workload could load and unload modules and change the runtime system configuration to suit its needs by tuning system parameters. A few key points to remember:
  • Supported system calls and Linux kernel features are architecture-dependent. System call numbering is different on different architectures.
  • `auditd`, `checksyscalls.sh`, and `get_feat.pl` tools can be used to discover supported system calls and features.
  • Understanding Linux kernel-hardening configuration options and making sure they are enabled will make a system more secure.
  • Employing runtime tracing can shed light on the runtime system state.
  • Workloads could change the system state by loading and unloading dynamic modules and tuning system parameters.

How Do We Check Supported System Calls?

We have tools at our disposal to check for supported system calls and features. We can get the supported system call information using `auditd` utilities. `ausyscall –dump` from the `auditd` family of tools prints out the supported system calls on a system and allows mapping syscall names and numbers. You can install the `auditd` package on Debian-based systems: 
sudo apt-get install auditd
Linux kernel tool `scripts/checksyscalls.sh` can be used to check if current architecture is missing any system calls compared to i386. Linux kernel tool `scripts/get_feat.pl` can be used to list the Kernel feature support matrix for an architecture.

Finding Supported System Calls

As mentioned earlier, `ausyscall` prints out supported system calls on a system and allows mapping syscalls names and numbers. 
ausyscall --dump # prints out all supported system calls
`ausyscall` allows filtering on specific system calls or key strings. Let’s see what it shows when we invoke `ausyscall` with “open” and “time” options: 
ausyscall open
open			2
mq_open		240
openat			257
    		perf_event_open	298
    		open_by_handle_at	304
    		open_tree		428
    		fsopen		430
    		pidfd_open		434
    		openat2		437

ausyscall time
getitimer		36
    		setitimer		38
    		gettimeofday		96
   		times			100
    		rt_sigtimedwait	128
    		utime			132
    		adjtimex		159
    		settimeofday		164
    		time			201
    		semtimedop		220
    		timer_create		222
    		timer_settime		223
    		timer_gettime		224
    		timer_getoverrun	225
    		timer_delete		226
    		clock_settime		227
    	clock_gettime		228
    		utimes			235
    		mq_timedsend	242
    		mq_timedreceive	243
    		futimesat		261
   		utimensat		280
    		timerfd_create	283
    		timerfd_settime	286
    		timerfd_gettime	287
    		clock_adjtime		305

Finding Unsupported System Calls

Understanding which system calls are not supported is important as well. As mentioned earlier, `scripts/checksyscalls.sh` checks missing system calls on current architecture compared to i386. 
	checksyscalls.sh gcc
             warning: #warning syscall mmap2 not implemented [-Wcpp]
             warning: #warning syscall truncate64 not implemented [-Wcpp]
             warning: #warning syscall ftruncate64 not implemented [-Wcpp]
             warning: #warning syscall fcntl64 not implemented [-Wcpp]
             warning: #warning syscall sendfile64 not implemented [-Wcpp]
             warning: #warning syscall statfs64 not implemented [-Wcpp]
             warning: #warning syscall statfs64 not implemented [-Wcpp]
             warning: #warning syscall fadvise64_64 not implemented [-Wcpp]
Let’s check this against `ausyscall` now. 
ausyscall map
      mmap	         9
      munmap		 11
      mremap		 25
      remap_file_pages	216

ausyscall trunc
      truncate		 76
      ftruncate		 77
As you can see, `ausyscall` shows mmap2, ftruncate64 and ftruncate64 aren’t implemented on this system. This matches what `checksyscalls.sh` shows.

Finding Supported Features

Let’s see how we can find the supported features on a system. `scripts/get_feat.pl` can be used to list the kernel feature support matrix for an architecture. 
get_feat.pl list
get_feat.pl list –arch=arm64 lists
This script parses Documentation/features to find the support status information. It can be used to validate the contents of the files under Documentation/features or simply list them: 
--arch option outputs features for an specific architecture, optionally filtering 
           for a single specific feature.
  --feat or --feature option outputs features for a single specific feature.
Here is how you can find if stack protector and thread-info-in-task features are supported: 
scripts/get_feat.pl --arch=arm64 --feat=stackprotector list
        #
        # Kernel feature support matrix of the 'arm64' architecture:
        #
        debug/ stack protector       :  ok  |            HAVE_STACKPROTECTOR #
        arch supports compiler driven stack overflow protection

scripts/get_feat.pl --feat=thread-info-in-task list
        #
        # Kernel feature support matrix of the 'x86' architecture:
        #
        core/ thread-info-in-task  :  ok  |           THREAD_INFO_IN_TASK #
        arch makes use of the core kernel facility to embed thread_info in
        task_struct

Finding Kernel Module Status

`lsmod` command shows the kernel modules that are currently loaded. This program displays the contents of `/proc/modules`. Let’s pick `uvcvideo` module, which is found on most laptops: 
lsmod | grep uvc
uvcvideo              126976  0
videobuf2_vmalloc      20480  1 uvcvideo
uvc                    16384  1 uvcvideo
videobuf2_v4l2         36864  1 uvcvideo
videodev              315392  2 videobuf2_v4l2,uvcvideo
videobuf2_common       65536  4 
                                      Videobuf2_vmalloc,videobuf2_v4l2,uvcvideo,videobuf2_memops
mc                     77824  4 videodev,videobuf2_v4l2,uvcvideo,videobuf2_common
You can see that `lsmod` shows `uvcvideo` and the modules it depends on, and how many modules are using them. `videobuf2_common` is in use by four other modules. In other words, this is the reference count for this module, and `rmmod` will refuse to unload it as long as the reference count is > 0. You can get the same information from `/proc/modules`: 
 grep uvc  /proc/modules
  uvcvideo 126976 0 - Live 0x0000000000000000
  videobuf2_vmalloc 20480 1 uvcvideo, Live 0x0000000000000000
  uvc 16384 1 uvcvideo, Live 0x0000000000000000
  videobuf2_v4l2 36864 1 uvcvideo, Live 0x0000000000000000
  videodev 315392 2 uvcvideo,videobuf2_v4l2, Live 0x0000000000000000
  videobuf2_common 65536 4 uvcvideo,videobuf2_vmalloc,videobuf2_memops,videobuf2_v4l2, Live 0x0000000000000000
  mc 77824 4 uvcvideo,videobuf2_v4l2,videodev,videobuf2_common, Live 0x0000000000000000
The information is similar with a few extra fields. The address is the base address for the module in kernel virtual memory space. When run as a normal user, the address is all zeros. The same command when run as root will be as follows: 
sudo grep uvc  /proc/modules
  uvcvideo 126976 0 - Live 0xffffffffc1c8b000
  videobuf2_vmalloc 20480 1 uvcvideo, Live 0xffffffffc167f000
  uvc 16384 1 uvcvideo, Live 0xffffffffc0ab0000
  videobuf2_v4l2 36864 1 uvcvideo, Live 0xffffffffc0a28000
  videodev 315392 2 uvcvideo,videobuf2_v4l2, Live 0xffffffffc16e9000
  videobuf2_common 65536 4 uvcvideo,videobuf2_vmalloc,videobuf2_memops,videobuf2_v4l2, Live 0xffffffffc094d000
  mc 77824 4 uvcvideo,videobuf2_v4l2,videodev,videobuf2_common, Live 0xffffffffc15eb000
Let’s now take a look at what `modinfo` shows us: 
  /sbin/modinfo uvcvideo
  filename:       /lib/modules/6.3.0-rc2/kernel/drivers/media/usb/uvc/uvcvideo.ko
  license:        GPL
  description:    USB Video Class driver
  depends:        videobuf2-v4l2,videodev,mc,uvc,videobuf2-common,videobuf2-vmalloc
  retpoline:      Y
  intree:         Y
  name:           uvcvideo
  vermagic:       6.3.0-rc2 SMP preempt mod_unload modversions
  sig_id:         PKCS#7
  signer:         Build time autogenerated kernel key
This tells us that this module is built in the kernel repository signed with a build time autogenerated key. Let’s do one last sanity check on the system to see if the following two command outputs match: 
  ps ax | wc -l
  ls -d /proc/* | grep [0-9]|wc -l
If they don’t match, examine your system closely. Kernel rootkits install their own ps, find, etc., utilities to mask their activity. The outputs match on my system. Do they match on yours?

Is My System as Secure as It Could Be?

The Linux kernel supports several hardening options to make the system secure. Let’s talk about `kconfig-hardened-check` tool sanity that can check kernel configuration for security. You can clone the latest `kconfig-hardened-check` repository: 
git clone https://github.com/a13xp0p0v/kconfig-hardened-check.git
cd kconfig-hardened-check
bin/kconfig-hardened-check --config <config file> --cmdline /proc/cmdline
This will generate a detailed report of kernel security configuration and command line options that are enabled (OK) and the ones that aren’t (FAIL), and a summary line at the end: 
[+] Config check is finished: 'OK' - 100 / 'FAIL' - 100
You will have to analyze the information to determine which options make sense to enable on your system.

Understanding System Runtime Activity

So far, we have looked for ways to find the static state of a system. Now let’s switch to the runtime state of a system. The Linux kernel event-tracing feature can help us with understanding the runtime state. Enabling event tracing gives insight into system runtime activity. This is a good way to identify which parts of the kernel are used at a higher level while the system is in and/or while a specific workload/process is running. Event tracing depends on the `CONFIG_EVENT_TRACING` option enabled. You can enable event tracing before starting workload/process. Event tracing allows you to enable and disable tracing on supported/available events at runtime. You can find available events, tracers and filter functions in the following files: 
 /sys/kernel/debug/tracing/available_events
 /sys/kernel/debug/tracing/available_filter_functions
 /sys/kernel/debug/tracing/available_tracers
Now this is how you can enable tracing: 
sudo echo 1 > /sys/kernel/debug/tracing/events/enable
Once the workload/process stops or when you decide you have the status you need, you can disable event tracing: 
sudo echo 0 > /sys/kernel/debug/tracing/events/enable
You can find the tracing information in the file: /sys/kernel/debug/tracing Here is the information shown in this file: 
 cat trace
 # tracer: nop
 #
 # entries-in-buffer/entries-written: 0/0   #P:16
 #
 #                                _-----=> irqs-off/BH-disabled
 #                               / _----=> need-resched
 #                              | / _---=> hardirq/softirq
 #                              || / _--=> preempt-depth
 #                              ||| / _-=> migrate-disable
 #                              |||| /     delay
 #           TASK-PID     CPU#  |||||  TIMESTAMP  FUNCTION
 #              | |         |   |||||     |         |

How Do We Use These Traces?

You can map the functions to system calls and other kernel features to get insight into the overall system activity while a workload/process is running.

Conclusion

As you can see, we have several tools and features at our disposal to get insight into system activity and assess it for security.  
TRENDING STORIES
Group Created with Sketch.
Shuah Khan is a Linux Foundation fellow and an upstream kernel maintainer and developer.
Read more from Shuah Khan
SHARE THIS STORY
TRENDING STORIES
TNS owner Insight Partners is an investor in: Pragma, Class.
TRENDING STORIES
TNS DAILY NEWSLETTER Receive a free roundup of the most recent TNS articles in your inbox each day.