Linux Kernel Module for True Protection

True Protection by Jag on Linux includes an optional kernel module that provides deep system integration for real-time file monitoring, rootkit detection, and kernel-level threat prevention. This module is available for supported kernel versions and distributions.

Supported Distributions

Ubuntu: 20.04 LTS, 22.04 LTS, 24.04 LTS
Debian: 11 (Bullseye), 12 (Bookworm)
CentOS/RHEL: 8, 9
Fedora: 38, 39, 40
SUSE Linux Enterprise: 15 SP4+

Kernel Module Features

Fanotify Integration: Uses the Linux fanotify API for efficient real-time file access monitoring with minimal overhead.
Kernel Integrity Checking: Monitors kernel memory for unauthorized modifications that could indicate rootkit activity.
eBPF Probes: Uses eBPF technology for lightweight process and network monitoring without traditional kernel module overhead.
Secure Boot Compatible: The kernel module is signed and compatible with UEFI Secure Boot configurations.

Installation

Step 1: Install the base True Protection package using your distribution package manager.
Step 2: Install the kernel module package: sudo apt install tpj-kmod (Debian/Ubuntu) or sudo dnf install tpj-kmod (RHEL/Fedora).
Step 3: Load the module: sudo modprobe tpj_protect.
Step 4: Verify the module is loaded: lsmod | grep tpj.

The kernel module is rebuilt automatically when the kernel is updated via DKMS (Dynamic Kernel Module Support).