On 2012/11/21 12:01, Mike Belopuhov wrote: > On Wed, Nov 21, 2012 at 11:50 AM, Alexey E. Suslikov > <[email protected]> wrote: > > Hello tech@. > > > > Following this > > http://blog.crowdstrike.com/2012/11/http-iframe-injecting-linux-rootkit.html > > > > Besides of doing "#option LKM", is there any other way to disable > > modload(8)? > > > > Cheers, > > Alexey > > > > modules can't be loaded during multiuser operation when > securelevel is above 0. but that doesn't prevent someone > with root privileges to modify /etc/rc.securelevel and load > the module during boot.
rc.securelevel could be marked schg with chflags..
