Wow, you got it :) That's an excellent point ...

    Anyway, once I had a problem compiling a kernel for a firewall server. I
tried to compile it with no modules. I had to include in the kernel: SCSI
driver, IDE driver for CD-ROM, 2 NIC drivers, all netfilter stuff and some
necessary stuff like commonly used codepages and some others. And, of
course, no soundcard and no other small stuff that I'd use on a desktop
machine.

    The problem is the resulting kernel was big and lilo refused to install
it, saying it was too big. I tried several times, but it seems I really
had the smallest kernel for that machine. So, in this case, I really had to
use modules. At least in this situation users had no shell access at all to
it.

    But how about stopping this modules discussion, as it's getting somewhat
off topic? :)

    Sincerely,
    Leonardo Rodrigues

----- Original Message -----
From: "Ralf Hemmann" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, March 15, 2002 3:13 PM
Subject: OT: Re to Leonardo talking about modules


>
> > Why get your floppy driver ( +- 70K ) into the
> > main kernel of my servers if I'll probably use it no more than 2 times a
> > week ???
>
> The answer is simple:
>
> For security reasons on firewalls (and other servers, especially with user
> shell accounts) you should always use, if possible,
> a kernel with no module support at all.
>
> One exception is if you use a special module that hardens the security like
> lids.
>
> This is easy to do, because a firewall does not need a lot of drivers in the
> kernel (nics, ide, netfilter, filesystem, networking ... not much more)
>
> And by the way - RAM is cheap like dirt ;-)
>


