If you guys are at all concerned about security you might consider installing Linux Kernel Runtime Guard (LKRG). I’ve put together a quick tutorial which worked pretty well for me and has had minimal impact on hashrates. As of this writing, LKRG sits at version 0.9.1. More info about it can be found here:
https://www.openwall.com/lkrg
GitHub - Whonix/lkrg: Linux Kernel Runtime Guard
Start by downloading the git:
git clone https://github.com/openwall/lkrg
And, get the required components:
sudo apt-get install linux-headers-$(uname -r)
You can try building it but you’ll likely get an error if you’re running a Hive OS with certain kernel releases (e.g. 5.4.0).
cd lkrg
sudo make -j8
So, get the Hive OS release info:
uname --kernel-release
e.g. 5.4.0-hiveos
Next, edit LKRG’s main header file:
cd src
xedit p_lkrg_main.h
And, find this chunk of code around line 119:
#if LINUX_VERSION_CODE >= KERNEL_VERSION(5,9,0) || \
(LINUX_VERSION_CODE >= KERNEL_VERSION(5,4,118) && LINUX_VERSION_CODE < KERNEL_VERSION(5,5,0)) || \
(LINUX_VERSION_CODE >= KERNEL_VERSION(4,19,191) && LINUX_VERSION_CODE < KERNEL_VERSION(4,20,0)) || \
(LINUX_VERSION_CODE >= KERNEL_VERSION(4,14,233) && LINUX_VERSION_CODE < KERNEL_VERSION(4,15,0))
#define P_LKRG_UNEXPORTED_MODULE_ADDRESS
#endif
Right after the “#if” add in your kernel release version (e.g. 5.4.0) to make it look something like this:
#if LINUX_VERSION_CODE == KERNEL_VERSION(5,4,0) || LINUX_VERSION_CODE >= KERNEL_VERSION(5,9,0) || \
(LINUX_VERSION_CODE >= KERNEL_VERSION(5,4,118) && LINUX_VERSION_CODE < KERNEL_VERSION(5,5,0)) || \
(LINUX_VERSION_CODE >= KERNEL_VERSION(4,19,191) && LINUX_VERSION_CODE < KERNEL_VERSION(4,20,0)) || \
(LINUX_VERSION_CODE >= KERNEL_VERSION(4,14,233) && LINUX_VERSION_CODE < KERNEL_VERSION(4,15,0))
#define P_LKRG_UNEXPORTED_MODULE_ADDRESS
#endif
Save and exit xedit. Then run the build command again:
cd ..
sudo make -j8
After the build completes successfully, install it:
sudo make install
And, finally set it to load with boot:
xedit /hive/etc/crontab.root
Add this line at the end and save it:
@reboot sleep 60; sudo systemctl start lkrg; sudo systemctl enable lkrg.service;
You might also consider blocking modules:
sudo sysctl -w lkrg.block_modules=1
But be careful playing with some of the settings (e.g. lkrg.profile_enforce), as some of them may cause frequent kernel panics which lead to crashes.