For security concerns, why not load Linux from a read-only iso9660 image and loop it back to itself (kernel-space) …
I put the kernel and initrd together in a framework.iso file and load the ISO from GRUB. If we can loop back the kernel itself to deny/allow access to a module/resource/feature (including the kernel itself), we should have better security improvements. Could have flatpak/snap support on this.
It's some kind of self-relationship (kernel related limits). In a DoS and/or DDoS network attack, the kernel could downgrade performance reading, writing, executing its own parameters/variables, etc. We can change the kernel via sci (syscall interface), instructing it to talk to itself about everything running scenario instead of leaving security techniques in the hand of the user (only). My CPU cores are at 0%/2% normal usage. In information security the user is the Achilles heel!!!
I edited /etc/grub.d/40_custom, like this:
    menuentry 'Debian GNU/Linux CUSTOM' {
        load_video
        insmod gzio
        if [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi
        insmod part_gpt
        insmod cryptodisk
        insmod luks
        insmod gcry_rijndael
        insmod gcry_rijndael
        insmod gcry_sha256
        insmod ext2
        # Unlock the LUKS container by UUID and use it as root
        cryptomount -u 0462247d-045c-47eb-9879-87608b07b26d
        set root='cryptouuid/0462247d045c47eb987987608b07b26d'
        if [ x$feature_platform_search_hint = xy ]; then
            search --no-floppy --fs-uuid --set=root --hint='cryptouuid/0462247d045c47eb987987608b07b26d' 52f50b23-443d-4af8-9426-d3d92c6096c3
        else
            search --no-floppy --fs-uuid --set=root 52f50b23-443d-4af8-9426-d3d92c6096c3
        fi
        # Map the ISO file as the (loop) device and boot the kernel and initrd stored inside it
        set isofile="/debian.iso"
        loopback loop $isofile
        linux (loop)/vmlinuz-6.10.6-amd64 iso-scan/filename=$isofile noprompt noeject root=UUID=52f50b23-443d-4af8-9426-d3d92c6096c3 ro nvidia-drm.modeset=1 quiet cryptdevice=UUID=0462247d-045c-47eb-9879-87608b07b26d:luks-0462247d-045c-47eb-9879-87608b07b26d root=/dev/mapper/luks-0462247d-045c-47eb-9879-87608b07b26d splash resume=UUID=1d113a68-2a2e-4d88-a3d8-09ed050a05d8
        initrd (loop)/initrd.img-6.10.6-amd64
    }
Then update-grub and reboot.
It is working, but I can't see much difference for a while. Some features need to be implemented. Deep learning, Kali Linux, OWASP. Let's harden Linux 🙂
Thx
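
A lint for hand-edited entries like the one above, as an added example that is not part of the original post: it lists kernel parameters given more than once on the `linux` line (the posted entry sets `root=` twice) and modules loaded twice. The sample entry, its placeholder values and all function names are constructed for illustration.

```python
import re
import shlex
from collections import defaultdict

# Constructed sample: a shortened 40_custom entry with placeholder UUIDs.
SAMPLE = """\
menuentry 'Debian GNU/Linux CUSTOM' {
    insmod gcry_rijndael
    insmod gcry_rijndael
    insmod gcry_sha256
    set isofile="/debian.iso"
    loopback loop $isofile
    linux (loop)/vmlinuz iso-scan/filename=$isofile root=UUID=AAAA ro quiet root=/dev/mapper/luks-BBBB
    initrd (loop)/initrd.img
}
"""

def grub_vars(entry):
    """Collect simple `set name=value` assignments inside the entry."""
    out = {}
    for line in entry.splitlines():
        words = shlex.split(line, comments=True)
        if len(words) == 2 and words[0] == "set" and "=" in words[1]:
            name, value = words[1].split("=", 1)
            out[name] = value
    return out

def kernel_params(entry):
    """Return (key, value) pairs from the `linux` line with $variables expanded."""
    variables = grub_vars(entry)
    expand = lambda m: variables.get(m.group(1), m.group(0))
    for line in entry.splitlines():
        words = shlex.split(line, comments=True)
        if words and words[0] == "linux":
            args = [re.sub(r"\$(\w+)", expand, w) for w in words[2:]]  # words[1] is the kernel image
            return [tuple(a.split("=", 1)) if "=" in a else (a, None) for a in args]
    return []

def repeated(params):
    """Map each parameter given more than once to its values, in command-line order."""
    seen = defaultdict(list)
    for key, value in params:
        seen[key].append(value)
    return {k: v for k, v in seen.items() if len(v) > 1}

def repeated_insmod(entry):
    """Names of modules that appear in more than one insmod line."""
    mods = re.findall(r"^\s*insmod\s+(\S+)", entry, flags=re.M)
    return sorted({m for m in mods if mods.count(m) > 1})

if __name__ == "__main__":
    print("repeated kernel parameters:", repeated(kernel_params(SAMPLE)))
    print("modules loaded twice:", repeated_insmod(SAMPLE))
```

A repeated `root=` is worth resolving by hand, because the two values here name different devices (the filesystem UUID and the LUKS mapper path).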