On Thu, Feb 17, 2005 at 07:51:13PM -0800, JM wrote: > Hello, > > * Besides grsecurity patch, pax etc...What other recommendations are there > to patch a kernel on a woody or sarge production server?
I like using non-modular kernels to prevent LKMs > * Any experiences/opinions with the debian-hardened kernels? I haven't used debian-specific hardened kernels, but have used generic kernels, patched, with debian I've used LIDS and grsecurity with some success. LIDS has easy to configure ACLs (grsecurity ones are more complex but appear to offer a few extra features. However, I've only just started looking at the grsec ACLs). There is some good starter guides on ACLs under LIDS, but I have yet to find a quick start for grsec, although I believe the author is working on one. The grsec team have released an up-to-date kernel patch for the latest kernels (which block the uselib() exploit), but LIDS have yet to release one. They both can block LKM and other kinds of root kits with minimal configuration, which won't necessarily prevent root exploits, but will stop attackers hiding them. Here's a paper that might be worth a look: http://www.dimva.org/dimva2004/materials/KrahmerPaper.pdf > > > -- > -JM. ?Estos d?as azules y este sol de la infancia ?(Antonio Machado-1939) > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
