Message quoted by Shango Oluwa <[EMAIL PROTECTED]>:
> José,
>
> I appreciate your advice, but I don't get your meaning completely...
> (a semantics problem)
>
> Do you mean that drivers should be compiled _into_ the kernel (statically)
> or as modules (dynamic?) ? So, what practice are you suggesting and what are
> the benefits (more or less) ?
The practice of compiling statically _into_ the kernel, and disabling the loadable-modules feature in the Linux kernel, won't allow loading of certain rootkits that work as modules. These rootkits can work without being detected: as they are part of the kernel, they have all the privileges and can do everything.

As mentioned by Bernd, the practice of disabling loadable modules alone won't secure the box by itself, but it aids in reducing risk, especially when combined with a properly configured Intrusion Detection System (IDS) like integrit (apt-get install integrit) and remote logging to a dedicated machine (man syslog), as mentioned in a previous message.

As a side note, I've found that USB pendrives with a read-only switch work wonderfully as integrity database containers: when the database needs to be updated, it's just a matter of flipping the switch while updating/rotating the record files. Although there's always a window of time in which the integrity databases are writable, it can be reduced by scripting this update process and having quick fingers.

Properly configured IDSs won't secure a box either; they'll merely inform you that everything is OK, or otherwise, in case the box has been compromised.

José
---
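The read-only-pendrive workflow described in the reply above, written out as an added example (this is not integrit, nor code from the original thread). It keeps a sorted sha256 list of a tree as the "integrity database", refuses to rotate it unless the database directory is writable (the switch has been flipped), keeps the writable window to a single copy by building the new database in a temporary file, and warns when it finds the database writable during a check. It assumes GNU coreutils on Linux (sha256sum, find, sort, diff, mktemp); the directory names and the sample files are made up for the example.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes GNU coreutils on Linux.
# Paths such as $work/media stand in for a pendrive with a read-only switch.
set -u

# Write one "sha256  path" line per regular file under $1 to $2. The list is
# sorted with a fixed locale so two snapshots of the same tree compare
# byte-for-byte with diff.
snapshot() {
    dir=$1; out=$2
    find "$dir" -type f -print | LC_ALL=C sort | while IFS= read -r f; do
        sha256sum "$f"
    done > "$out"
}

# Rotate the database. Only possible while the medium is writable; the scan
# itself goes to a temp file elsewhere, so the medium needs to be writable
# only for the final copy into place. Prints the database's own hash so it
# can be sent to the remote syslog host and compared later.
update_db() {
    dir=$1; db=$2
    dbdir=$(dirname "$db")
    if [ ! -w "$dbdir" ]; then
        echo "refusing: $dbdir is not writable (flip the write switch first)" >&2
        return 2
    fi
    tmp=$(mktemp) || return 2
    snapshot "$dir" "$tmp"
    mv "$tmp" "$db"
    sha256sum "$db"
    return 0
}

# Compare the tree against the database. Returns 0 when clean, 1 on any
# added, removed or modified file (listing them), 2 when there is no database.
# Warns when the database is writable: during normal operation the switch
# should be on read-only. (As root, -w only reflects a read-only mount,
# not mode bits, which is exactly what the hardware switch provides.)
check_db() {
    dir=$1; db=$2
    [ -f "$db" ] || { echo "no database at $db" >&2; return 2; }
    if [ -w "$db" ]; then
        echo "warning: $db is writable; a compromised box could rewrite it" >&2
    fi
    tmp=$(mktemp) || return 2
    snapshot "$dir" "$tmp"
    if diff "$db" "$tmp" >/dev/null; then
        rm -f "$tmp"
        echo "OK: $dir matches $db"
        return 0
    fi
    echo "ALERT: $dir differs from $db"
    diff "$db" "$tmp" | sed -n 's/^< /  baseline only: /p; s/^> /  current only:  /p'
    rm -f "$tmp"
    return 1
}

# Stand-alone demo: ./integrity.sh demo
if [ "${1:-}" = demo ]; then
    work=$(mktemp -d)
    mkdir -p "$work/root/bin" "$work/media"      # constructed sample tree
    printf 'ls\n' > "$work/root/bin/ls"
    update_db "$work/root" "$work/media/integrity.db"
    check_db "$work/root" "$work/media/integrity.db"
    printf 'ls with a surprise\n' > "$work/root/bin/ls"   # simulated tampering
    check_db "$work/root" "$work/media/integrity.db" || echo "exit status $?"
    rm -rf "$work"
fi
```

Run with `demo` as the first argument to see a clean check followed by an alert. In real use the monitored tree would be the system binaries and the database path would sit on the mounted pendrive; the hash printed by `update_db` belongs in the remote log so that a later rewrite of the database itself is visible.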

