Untitled

a guest
Jul 23rd, 2019
# loadable kernel module (LKM)
# Also called: kernel loadable module (kld) in FreeBSD, kernel extension (kext) in macOS, kernel extension module in AIX, kernel-mode driver in Windows NT and downloadable kernel module (DKM) in VxWorks. They are also known as kernel loadable modules (KLM) and simply as kernel modules (KMOD).
# On Linux they are located in /lib/modules and have had the extension .ko ("kernel object") since version 2.6 (previous versions used the .o extension).

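# count processes as reported by ps (without the header line) and as listed in /proc
ps ax --no-headers | wc -l
ls -d /proc/* | grep -E '^/proc/[0-9]+$' | wc -l

# compare the results => should be the same (short-lived processes, including these commands themselves, can shift a count by one or two)
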
# If an attacker can change the initramfs, they can change the kernel binary.

# display modules
lsmod
less /proc/modules

# load driver without reboot
modprobe cdrom

# where module configuration lives (shell assignments take no spaces around "=")
MODULES_PATH="/etc/modprobe.d:/etc/modules-load.d"
OLD_TYPE_FILE="/etc/modules"

# REMOVE MODULE (either command; modprobe -r also removes dependencies that are no longer in use)
sudo rmmod "$MODULE_NAME"
sudo modprobe -r "$MODULE_NAME"

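# Blacklisting modules
# modprobe only reads files in /etc/modprobe.d whose names end in .conf
# either edit the file by hand or append the line, then rebuild the initramfs
sudo nano -w /etc/modprobe.d/blacklist.conf
echo "blacklist e100" | sudo tee -a /etc/modprobe.d/blacklist.conf
sudo update-initramfs -u
# note: "blacklist" only stops automatic loading by alias; an explicit modprobe of the module still works
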
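# all commands

insmod    # insert a single .ko file (no dependency resolution)
modprobe  # load or unload a module together with its dependencies
rmmod     # remove a loaded module
lsmod     # list loaded modules
modinfo   # show information about a module
depmod    # generate the module dependency map (modules.dep)
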
# wc - print newline, word, and byte counts for each file

wc

# w - show who is logged on and what they are doing

w

# verbose (-v), no DNS lookup (-n): check whether something answers on port 22 of a loopback address
nc -vn 127.0.0.55 22
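
The ps-versus-/proc comparison near the top of these notes, as an added example that is not part of the original paste: it compares the PID sets themselves and keeps only mismatches seen in two samples, so short-lived processes do not raise false alarms. The function names and the `--live` switch are assumptions made for this example, and `ps -e -o pid=` assumes a procps-style ps.

```shell
#!/bin/sh
# Added example (not from the paste): compare PID sets, not line counts.

# PIDs as ps reports them (same process list as `ps ax`, PID column only).
snapshot_ps() { ps -e -o pid= | tr -d ' '; }

# PIDs as numeric directories under /proc.
snapshot_proc() {
    for d in /proc/[0-9]*; do
        if [ -d "$d" ]; then echo "${d#/proc/}"; fi
    done
}

# pid_diff PS_PIDS PROC_PIDS
# Prints one "only-in-ps N" or "only-in-proc N" line per PID seen in one list only.
pid_diff() {
    { printf '%s\n' "$1" | sed 's/^/ps /'; printf '%s\n' "$2" | sed 's/^/proc /'; } |
    awk '$2 ~ /^[0-9]+$/ { seen[$1, $2] = 1; pids[$2] = 1 }
         END {
             for (p in pids) {
                 if (!(("ps", p) in seen))   print "only-in-proc " p
                 if (!(("proc", p) in seen)) print "only-in-ps " p
             }
         }' | sort -k2,2n
}

# persistent DIFF1 DIFF2
# Prints only the mismatch lines present in both samples.
persistent() {
    { printf '%s\n' "$1"; printf '%s\n' "$2"; } | sort | uniq -d | awk 'NF'
}

# Two samples one second apart; a PID that is mismatched both times is worth a look.
live_check() {
    first=$(pid_diff "$(snapshot_ps)" "$(snapshot_proc)")
    sleep 1
    second=$(pid_diff "$(snapshot_ps)" "$(snapshot_proc)")
    persistent "$first" "$second"
}

# Run against the live system only when asked: sh thisfile.sh --live
if [ "${1:-}" = "--live" ]; then live_check; fi
```

An empty result does not prove a clean host: a kernel module that filters /proc directory listings hides a process from both views.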