On Thu, 2004-11-18 at 21:56 +0100, Jörg Harmuth wrote: > btb schrieb: > > > > > On Nov 18, 2004, at 14.22, Jörg Harmuth wrote: > > > >> Hi Ben, > >> > >>> > >>> what is the proper approach to achieving this? > >>> > >> I don't know what the proper approach is, but if everything works > >> correctly without ipv6 (I had problem without ipv6 some time ago, but > >> I can't really recall what was up there) why not compile a kernel > >> without ipv6 support ? This defenitely works, if it is a possibility > >> at all. And it gives you the chance to remove more things you don't > >> need from your kernel. > >> > >> Have a nice time > >> > >> Joerg > > > > > > hi joerg- > > > > thanks for replying. > > > > i did start down that road a bit - and found out i am not yet > > comfortable enough with that process to trust myself (very very new to > > debian). besides, isn't the idea of loading and unloading (or not > > loading) modules that you don't have to recompile your kernel for this > > type of thing? > > > > -ben > > Hi Ben, > > yes and no in my opinion. It is convenient to be able to disable kernel > features at load time (and of course rub´n-time). But they still exist > and an successful attacker could exploid one or more of them. For me > the better choice is to _realy_ disable them (those I don't need) in the > kernel configuration. If it's not there - what can you do with it ? > > If you have never done kernel configuration it is hard work. I mean > understanding all the things you should know for this. But in Debian > there is a convenient way to do this (it is said to be convenient, but I > never tried it - sorry, I don't even know the name of the package :( > Hey list, can you help ?) But in my opinion it's worth while. It serves > a lot of purposes.
I just let everything go. IPv6 is one of those troublesome modules. I just delete all the ipv6 modules (clearly there are other alternatives) and it works for me, I get 2 error messages during boot caused by them being gone. Not really a problem though. As it was deliberate. -- greg, [EMAIL PROTECTED] The technology that is Stronger, better, faster: Linux
signature.asc
Description: This is a digitally signed message part
