O Plameras wrote:

------SNIPPED---------

>But you still have to harden your total system.
>We learn from previous experience, it is a bad
>habit to leave a crow bar around when parking a
>car. Otherwise, some smart hacker will find more
>and larger holes and tunnels in the complex
>labyrinths of kernel modules and components
>instead of limited, narrowed, and restricted pathways.

------SNIPPED---------
Hi,

May I share what we do at our company in general.

There is a standing policy at all our sites to recompile Linux kernels before a new one is implemented. This is done by removing unnecessary and unused modules.

Implementation is ensured by providing a copy of the config-XXX-XXX to HQ. Quality assurance engineers audit sites and ascertain that config-XXX-XXX as submitted tallies with the running system. Config-XXX-XXX is decided beforehand by our IT Security Team.

Just one of the ways our company controls IT security.

PG

--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
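
One way to run the audit described in the message above, checking that a submitted config tallies with the config of the running kernel (an added example, not part of the original post and not the poster's company tooling). The function name, the file paths, and the choice to treat an option missing from a file as disabled are assumptions.

```shell
#!/bin/sh
# config_drift APPROVED RUNNING
# Compare an approved kernel config with the config of a deployed kernel.
# Prints one line per option that differs and returns 1 on any drift,
# 0 when the two configs tally. (Hypothetical helper for illustration.)
config_drift() {
    drift=$(awk '
        function record(k, v) {
            if (side == "want") want[k] = v; else have[k] = v
            seen[k] = 1
        }
        # "# CONFIG_X is not set" is how a .config marks a disabled option.
        /^# CONFIG_[A-Za-z0-9_]+ is not set$/ { record($2, "n"); next }
        /^CONFIG_[A-Za-z0-9_]+=/ {
            eq = index($0, "=")
            record(substr($0, 1, eq - 1), substr($0, eq + 1))
        }
        END {
            for (k in seen) {
                # Assumption: an option absent from a file counts as disabled.
                w = (k in want) ? want[k] : "n"
                h = (k in have) ? have[k] : "n"
                if (w != h)
                    printf "%s approved=%s running=%s\n", k, w, h
            }
        }' side=want "$1" side=have "$2" | sort)
    [ -z "$drift" ] && return 0
    printf '%s\n' "$drift"
    return 1
}

# Stand-alone use: pass the approved config and the deployed kernel's config,
# e.g. a file such as /boot/config-<release> where the distribution ships one
# (path convention assumed, not taken from the post).
if [ "$#" -eq 2 ]; then
    config_drift "$1" "$2"
fi
```

A line such as `CONFIG_USB_STORAGE approved=n running=m` means a module the approved config removed is present in the deployed kernel's build.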
