Re: Kernel-Question
hi Matthias, On Fri, 28 Nov 2003 10:47:50 +0100 Matthias Wieser <[EMAIL PROTECTED]> wrote: > Does it make sense to use module-disabled kernels to prevent root kits to be > used with a kernel? afaik, yes. set CONFIG_MODULES to no. just not compiling any modules is not enough. f. soul. -- , , / \GNU's not Unix ((__-^^-,-^^-__)) `-_---' `---_-' Funky Soul `--|o` 'o|--' \ ` / funkysoul@ ): :( swissonline.ch :o_o: "-"
Re: Kernel-Question
Op vr 28-11-2003, om 10:47 schreef Matthias Wieser: Matthias, AFAIK NO, it doesn't. There were programs to ENABLE modules on a module-disabled kernel. > Does it make sense to use module-disabled kernels to prevent root kits to be > used with a kernel? > > Thank you, Matthias Wieser Regards, Diederik de Vries Rotterdam, The Netherlands
Re: Kernel-Question
On Fri, 28 Nov 2003, Matthias Wieser wrote: > Does it make sense to use module-disabled kernels to prevent root kits to be > used with a kernel? There are other ways to insert code into a running kernel. However, it may break some automated worms or stop script kiddies who don't quite know what they are doing and what to do if their module insertion fails. If you are serious about it, and want to spend the time needed to configure things properly, use grsecurity or SELinux or similar approaches. just my 2¢... Giacomo -- _ Giacomo Mulas <[EMAIL PROTECTED]> _ OSSERVATORIO ASTRONOMICO DI CAGLIARI Str. 54, Loc. Poggio dei Pini * 09012 Capoterra (CA) Tel. (OAC): +39 070 71180 248 Fax : +39 070 71180 222 Tel. (UNICA): +39 070 675 4916 _ "When the storms are raging around you, stay right where you are" (Freddy Mercury) _
Re: Kernel-Question
hi Matthias, On Fri, 28 Nov 2003 10:47:50 +0100 Matthias Wieser <[EMAIL PROTECTED]> wrote: > Does it make sense to use module-disabled kernels to prevent root kits to be > used with a kernel? afaik, yes. set CONFIG_MODULES to no. just not compiling any modules is not enough. f. soul. -- , , / \GNU's not Unix ((__-^^-,-^^-__)) `-_---' `---_-' Funky Soul `--|o` 'o|--' \ ` / funkysoul@ ): :( swissonline.ch :o_o: "-" -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Kernel-Question
Op vr 28-11-2003, om 10:47 schreef Matthias Wieser: Matthias, AFAIK NO, it doesn't. There were programs to ENABLE modules on a module-disabled kernel. > Does it make sense to use module-disabled kernels to prevent root kits to be > used with a kernel? > > Thank you, Matthias Wieser Regards, Diederik de Vries Rotterdam, The Netherlands -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Kernel-Question
On Fri, 28 Nov 2003, Matthias Wieser wrote: > Does it make sense to use module-disabled kernels to prevent root kits to be > used with a kernel? There are other ways to insert code into a running kernel. However, it may break some automated worms or stop script kiddies who don't quite know what they are doing and what to do if their module insertion fails. If you are serious about it, and want to spend the time needed to configure things properly, use grsecurity or SELinux or similar approaches. just my 2¢... Giacomo -- _ Giacomo Mulas <[EMAIL PROTECTED]> _ OSSERVATORIO ASTRONOMICO DI CAGLIARI Str. 54, Loc. Poggio dei Pini * 09012 Capoterra (CA) Tel. (OAC): +39 070 71180 248 Fax : +39 070 71180 222 Tel. (UNICA): +39 070 675 4916 _ "When the storms are raging around you, stay right where you are" (Freddy Mercury) _ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]