On Wed, Nov 21, 2012 at 11:50 AM, Alexey E. Suslikov <alexey.susli...@gmail.com> wrote: > Hello tech@. > > Following this > http://blog.crowdstrike.com/2012/11/http-iframe-injecting-linux-rootkit.html > > Besides of doing "#option LKM", is there any other way to disable modload(8)? > > Cheers, > Alexey >
modules can't be loaded during multiuser operation when securelevel is above 0. but that doesn't prevent someone with root privileges to modify /etc/rc.securelevel and load the module during boot.