Re: Locking Down a Linux Server

From: Jose Nazario (jose@biocserver.BIOC.cwru.edu)
Date: 01/08/02


Date: Tue, 8 Jan 2002 11:19:06 -0500 (EST)
From: Jose Nazario <jose@biocserver.BIOC.cwru.edu>
To: Björn Eriksson <bjorn@bjornen.nu>

On Tue, 8 Jan 2002, [iso-8859-1] Björn Eriksson wrote:

> Agreed. Has grsequrity.net, openwall or anyone else produced a kernel-
> patch which only allows signed executables to run?

immunix has a product that can do this. its very, very nice ... it uses
hash signatures to control the veracity of the executable. 'subdomain' is
the product, part of their commercial Immunix SDK.

____________________________
jose nazario jose@cwru.edu
                           PGP: 89 B0 81 DA 5B FD 7E 00 99 C3 B2 CD 48 A0 07 80
                                       PGP key ID 0xFD37F4E5 (pgp.mit.edu)