modules

quinte quinte17 at gmx.de
Tue Jan 6 17:20:52 PST 2004


> The argument for disabling loadble modules (using a monolithic
> kernel) is that they make an easy, well-documented path for an
> intruder who has broken root to install kernel modules that change
> the behavior of the OS, to make a rootkit that conceals intrusions
> or leaves backdoors or whatever, even in the face of audit apps that
> the intruder didn't know about.

mhh do u know lids? http://www.lids.org
the linux intrusion detectino project. here u are able to deny even root
from doing anything... this could be a solution (far far away)

just a thought

Stephan Sperber




More information about the hlfs-dev mailing list