Angus Lees wrote:
At Thu, 24 Feb 2005 22:37:42 +1100, Oscar Plameras wrote:
With my firewalls and other security-critical servers, I require
recompiling kernels by removing all UNUSED and REDUNDANT modules as
'Removing' in the context of re-compiling kernel means 'disabling' kernel modules
through a process such as kernel configuration. It is NOT removing the physical
binary files. This is done with the command 'menuconfig' before running a series
of 'make' commands.
BTW, the production OS has source code, headers, and compilers removed, so there is no chance the hacker may re-configure and re-compile.
part of the audit process so, when I got a problem such as the one
illustrated above, I ONLY need to examine a few modules instead of
TONS of them.
Of course, nasty kernel code can be loaded and then the file containing that code deleted (i.e. modules on disk really have no relation to loaded modules). So this only really adds a level of inconvenience to hackers - assuming they wanted one of the standard modules (and it takes up less disk space if that's important too).
No one can load kernel code other than loadable kernel modules (LKMs) that are
'enabled'. If you try to load an LKM that is not configured, the kernel will not
allow it. And because only a dozen or so LKMs are enabled instead of, perhaps,
hundreds of LKMs, it is easy to manage these.
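A defender-side check in the spirit of this thread, added here as an example and not code from either poster: compare what `lsmod` reports against the short allowlist of modules the kernel was deliberately built with, and flag anything extra. The allowlist names and the lsmod-style output below are constructed for the example.

```shell
#!/bin/sh
# Audit loaded kernel modules against the small set enabled at kernel
# configuration time. Anything else loaded is worth investigating.

# Allowlist: the handful of modules chosen in menuconfig.
# These names are illustrative assumptions, not taken from the thread.
ALLOWED="ext3 e100 ip_tables iptable_filter"

# Constructed lsmod-style output standing in for a real `lsmod` run.
# The first line mirrors the header that lsmod prints.
SAMPLE_LSMOD='Module                  Size  Used by
ext3                  123456  1
e100                   45678  0
ip_tables              23456  1 iptable_filter
iptable_filter          4567  0
unexpected_mod          8765  0'

# unexpected_modules: read lsmod output on stdin and print, one per line,
# every loaded module whose name is not on the allowlist.
unexpected_modules() {
    tail -n +2 | while read -r name _rest; do
        found=0
        for a in $ALLOWED; do
            [ "$a" = "$name" ] && found=1 && break
        done
        [ "$found" -eq 0 ] && printf '%s\n' "$name"
    done
    return 0
}

# audit: exit status 0 when only allowed modules are loaded, 1 otherwise;
# offenders are listed on stdout so the check can run from cron.
audit() {
    unexpected="$(unexpected_modules)"
    if [ -n "$unexpected" ]; then
        printf 'unexpected loaded modules:\n%s\n' "$unexpected"
        return 1
    fi
    return 0
}

# Demo on the constructed sample; on a real host use:  lsmod | audit
if printf '%s\n' "$SAMPLE_LSMOD" | audit; then
    echo "loaded module set matches the allowlist"
else
    echo "AUDIT FAILED: investigate the modules listed above"
fi
```

This catches a module that is loaded but not expected; as Angus notes, a module file deleted from disk after loading still shows up in `lsmod`, which is exactly why the check reads the live kernel state rather than the filesystem.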
-- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
