Short question:
Is there a way to prevent the kernel from allowing loadable modules?
Thought process:
With the advent of the kernel-loadable root kit, intrusion detection has
gotten a bit more complicated. Is there a _simple_ solution to detecting the
presence of a kernel-based root kit once it is running?
Scenario:
System is violated,
Root kit is installed,
Root kit [binaries] are deleted from the machine.
Solution:
Reboot machine
How does one DETECT that the root kit is there in the first place to know to
reboot it?
Thanks,
Deepak Jain
AiNET