Re: Kernel options for server use

From: Tim Haynes (
Date: 03/15/04

Date: Sun, 14 Mar 2004 23:00:09 +0000

jealousxmp@aol.commonplace (jealous xmp) writes:

>>While building a new kernel, which is only to be for a web server, I
>>wondered if it would be a good idea to disable support for loadable
>>kernel modules? I couldn't think of any good reasons why a server
>>would need this.
> So you have to recompile before loading a kernel-mode rootkit. Argh.

Erm.. No? There was an article a year or more ago where modules were
effectively loaded into a running kernel without using the regular insmod
calls. So, while this used to be a relatively effective way of putting a
hurdle in a cracker's way, I wouldn't be surprised if it ceases to be
particularly useful sooner rather than later.


  22:58:54 up 103 days,  2:14,  0 users,  load average: 0.64, 0.55, 0.30 |Morning dawning /   |With life abounding