Re: single module compile
Quoting Bernd Eckenfels <lists@lina.inka.de>:
> On Sun, Jul 06, 2003 at 01:00:13PM -0500, José Guzmán wrote:
> > This practice, at least over here, aids in improving sysadmin sleep at
> > night.
>
> this is a very false assumption. If somebody is able to trojan your kernel
> with a loadable module, he is also able to simply install a new kernel with
> a trojan in it.
>
> Don't bet your sleep on it.
You're quite right about this, it's all meaningless if you can't realize
if/when the box has been compromised (rebooted, and with a different kernel).
But that's what IDS is for, with a properly configured tripwire or integrit
setup, with integrity databases in a read-only medium, and maybe with remote
monitoring and logging, you'll sleep better at night too ;).
Now a worry that remains is physical access to the machine room...
There's no single practice that will guarantee a safe operation, and I believe
that not even a combination of all known good practices can be 100% secure, but
at least the risk is reduced by combining several methods with a bit of good old
paranoia.
>
> Greetings
> Bernd
> --
> (OO) -- Bernd_Eckenfels@Wendelinusstrasse39.76646Bruchsal.de --
> ( .. ) ecki@{inka.de,linux.de,debian.org} http://home.pages.de/~eckes/
> o--o *plush* 2048/93600EFD eckes@irc +497257930613 BE5-RIPE
> (O____O) When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!
José
---
"The obvious mathematical breakthrough would be development of an easy way to
factor large prime numbers." Bill Gates, The Road Ahead
---