On Sat, Jul 07, 2001 at 10:23:18PM -0400, Benjamin Scott wrote:
> If you are worried about this kind of attack (and I'm not saying it isn't
> worth worring about), you need to do more than just build a kernel without
> loadable module support. Something like LIDS would be appropriate. I
> understand LIDS actually tries to protect the running system from subversion,
> e.g., by preventing even the root user from writing to un-approved kernel
> memory.
Yes, I agree... but I never said you shouldn't also use one or (even
better) several IDS tools! For a system connected to the Internet,
even "protected" by a firewall, this is ALWAYS a good idea. Because,
like you said, it's otherwise impossible to be _certain_ that your
system has not been compromised. This would be an example of
practicing defense in depth...
--
---------------------------------------------------
Derek Martin | Unix/Linux geek
[EMAIL PROTECTED] | GnuPG Key ID: 0x81CFE75D
Retrieve my public key at http://pgp.mit.edu
**********************************************************
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**********************************************************
