[EMAIL PROTECTED] wrote:
[cut]
> A simple approach for Linux would be something like this:
[cut]
> Any other ideas on preventing untrusted modules from being loaded or replaced
> and loaded as an existing 'trusted' module?
Well, one of the key features of the Linux Intrusion Detection System
Patch (imho the name is a little bit misleading) is "Modules protection:
Lock module insertion/removing. After your modules inserteds, you can
lock any other insmod/rmmod by issuing a echo 1 >
/proc/sys/lids/lock_modules"
See http://www.soaring-bird.com.cn/oss_proj/lids/
HTH
best regards,
Rainer Link
--
Rainer Link, eMail: [EMAIL PROTECTED], WWW: http://rainer.w3.to/
Student of Communication Engineering/Computer Networking, University of
Applied Sciences,Furtwangen,Germany,http://www.ce.is.fh-furtwangen.de/
