Hi !

chlyde

New Member
Joined
Dec 21, 2021
Messages
7
Reaction score
1
Credits
99
Hi : )

I bought a server blade about over a year ago : ) and am slowly getting ready to use it :)__. But first i want to harden the Ubuntu I installed on it and control everything the CPU is about to run by inspecting each command line before they hit the CPU for execution. I spoke with an Intel forum moderator about controlling the CPU RAM but he seemed not to really want to tell me how to do that. So, i'm looking for the best list of server hardening commands for writing Linux Bash scripts that will take control of the CPU's processes, kind of like java ( i heard) interpreting input and translating that Authorized Input into commands that are then passed thru to the CPU for execution.
So, reiterating (Commands and Script Suggestions) :
to Controll what gets passed thru to the CPU for processing ;
to Control what gets stored in any CPU CACHE ;
to CONTROL ANY Static RAM on my server ; and
anything else (you) can think of :?)__.

thank you :)
 


Hello @chlyde,
Welcome to Linux.org Forums.
Can't be of much help to you but I'm sure others with server experience will be along.
Enjoy!
 
Welcome aboard; not something I can answer but I am sure someone here will have an answer for you. Great to have you here.
 
Moved to the Linux Server sub-forum, as it contains more than an introduction.
 
Hi : )

I bought a server blade about over a year ago : ) and am slowly getting ready to use it :)__. But first i want to harden the Ubuntu I installed on it and control everything the CPU is about to run by inspecting each command line before they hit the CPU for execution. I spoke with an Intel forum moderator about controlling the CPU RAM but he seemed not to really want to tell me how to do that. So, i'm looking for the best list of server hardening commands for writing Linux Bash scripts that will take control of the CPU's processes, kind of like java ( i heard) interpreting input and translating that Authorized Input into commands that are then passed thru to the CPU for execution.
So, reiterating (Commands and Script Suggestions) :
to Controll what gets passed thru to the CPU for processing ;
to Control what gets stored in any CPU CACHE ;
to CONTROL ANY Static RAM on my server ; and
anything else (you) can think of :?)__.

thank you :)
I am new to Linux.org, so I hope I am not "necro'ing" a forgotten post. Nobody has responded, so I thought I would give it a try.

To @chlyde:
I read your post carefully. After reading it, I believe that you have much to learn about how modern computers work.

Short Answer:
In simple terms, you cannot do what you want at the low level that you are asking about. Modern CPUs and the associated peripherals are very complex.

You cannot easily control the CPU or its cache. If you want to understand what is required, start with a "deep dive" of learning how the operating system works, especially its kernel. Learn kernel level debugging (a much deeper dive) and you might have a hope and a prayer, or at least a better understanding of what you are asking and why it is the wrong approach.


My Recommendation:
You are trying to micro-manage your blade computer at much too low a level. Stop, step back, and refocus on learning how to properly secure the Ubuntu installation on your blade computer. There are many things you can do to tighten its security. Trust me, there is a lot to learn. Start with the basics - keep it patched and updated, limit user and process privileges, configure the firewall well, and most especially, learn how to monitor the logs and detect unwanted activity. Trying to do that at the CPU, cache, and RAM level is an impossible task.

Explanation:
Modern CPUs have multiple processors (cores) that divide their work among many running processes. The Ubuntu operating system creates and destroys processes as needed, and it manages how the processor divides its work between them. Furthermore, any time you type a key, or a network packet arrives, or many other things happen, it generates an interrupt. When an interrupt comes in, the processor suspends the current process and saves its current state. The processor handles the interrupt, and that work may be interrupted by a higher priority interrupt. Once the interrupts are handled, the processor restores the state of the running process and resumes where it left off. What happens with the CPU cache while it switches between processes and handles interrupts is not easily "controlled". Modern CPUs have multiple caches at different "levels", too. Low level caches are fast but small, higher level caches are slower but can cache more data. Data moves up and down the different cache levels as it is used.

When your blade computer first starts up, the CPU begins running machine code from firmware that is on chips on the motherboard. That motherboard firmware initializes the on-board chips and tells the CPU how to boot the operating system (Ubuntu Linux), which then takes over. Someone had to write and debug that firmware. They used specialized tools to do it, tools which do not apply to a typical computer running Ubuntu. That is what you are asking for, but it does not work for your needs.

Once the Ubuntu operating system loads, it takes control of your computer. The operating system kernel handles process switching, interrupts, etc. That is why I suggested that you learn kernel level debugging if you must "control" the CPU.

Static RAM is just one kind of RAM. It is typically used where the fastest speeds are desirable, such as caching. I do not understand what "Control" means with respect to static RAM.

Conclusion:
As I said above, focus on learning the best ways to secure your Ubuntu installation on the blade server. It will keep you busy for a long time.
 

Members online


Top