Re: Kernel options for server use
From: Tim Haynes (usenet-20040314_at_stirfried.vegetable.org.uk)
Date: Sun, 14 Mar 2004 23:00:09 +0000
firstname.lastname@example.org (jealous xmp) writes:
>>While building a new kernel, which is only to be for a web server, I
>>wondered if it would be a good idea to disable support for loadable
>>kernel modules? I couldn't think of any good reasons why a server
>>would need this.
> So you have to recompile before loading a kernel-mode rootkit. Argh.
Erm.. No? There was an article a year or more ago where modules were
effectively loaded into a running kernel without using the regular insmod
calls. So, while this used to be a relatively effective way of putting a
hurdle in a cracker's way, I wouldn't be surprised if it ceases to be
particularly useful sooner rather than later.
-- 22:58:54 up 103 days, 2:14, 0 users, load average: 0.64, 0.55, 0.30 email@example.com |Morning dawning / http://spodzone.org.uk/cesspit/ |With life abounding