
Re: from / to /usr/: a summary



On Mon, Dec 26, 2011 at 11:38:10AM +0100, Iustin Pop wrote:
> > > All admins I know have at least some servers with custom kernels (in the
> > > past it was said, to build your firewall/server kernels without module
> > > support, so that no rootkit module could be loaded).
> > 
> > No longer needed.  See /proc/sys/kernel/modules_disabled.
> 
> That's not equivalent - an attacker that can load modules can also
> remove the init script that sets this variable to 1 and reboot the
> machine.
Why can't the same attacker replace the kernel?

> For proper safeguarding you still want no module support in the kernel
> at all.
> 
> regards,
> iustin
> 
> 

-- 
WBR, wRAR
