
Re: single module compile



Quoting Shango Oluwa <debw@wenzani.worldonline.co.uk>:

> Dear companions,
> 
> Following insight into the automatic route table entries by kernel 2.2.20
> (thanks Bernd!) I have been advised to compile network interfaces on my
> firewall router as modules.
> This makes sense to me, as the cards can be ifup'ed and ifdown'ed on the
> fly, and additionally it is supposed to improve security vs. bad boys...
> (any comments regarding this?)

  It's secure against the recent LKM exploits, as well as against the
undetectable rootkits which are implemented as loadable kernel modules.

  But in order to do this (that is the price to pay) you have to compile every
used driver statically into the kernel, not just the network drivers, and also
disable loadable module support in the kernel.

  This practice, at least over here, aids in improving sysadmin sleep at night.

> 
> Well, now I face the challenge of adding an 8139too module for eth1.
> eth0 (eepro100.c) was modularised during kernel compile, as the driver is
> explicitly visible in menuconfig - but I could not see rtl8139 or 8139too
> anywhere in the menu.

  You'd be better off with a 2.4.21 kernel. In a recent Debian weekly news note
 <http://www.debian.org/News/weekly/2003/24/> there's a link to an explanation
on using kernel-package, or you could compile your own kernel in the good ol'
way (as is suggested in the kernel howto).


José

---
"The obvious mathematical breakthrough would be development of an easy way to
factor large prime numbers." Bill Gates, The Road Ahead

---
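
A way to audit a kernel .config against the policy described in the reply above (every used driver built in, loadable module support disabled). This is an added example, not part of the original message; the function names and the sample config are constructed for illustration and assume the 2.4-series option names CONFIG_MODULES, CONFIG_EEPRO100 and CONFIG_8139TOO.

```shell
#!/bin/sh
# audit_kconfig FILE: check a kernel .config against a "no loadable modules" policy.
# Prints one finding per line. Returns 0 if fully static, 1 if not, 2 if unreadable.
audit_kconfig() {
    cfg=$1
    rc=0
    [ -r "$cfg" ] || { echo "ERROR cannot read $cfg"; return 2; }
    # CONFIG_MODULES=y means the running kernel will still accept modules,
    # which is what LKM-based rootkits rely on.
    if grep -q '^CONFIG_MODULES=y$' "$cfg"; then
        echo "FAIL CONFIG_MODULES=y (loadable module support enabled)"
        rc=1
    else
        echo "OK CONFIG_MODULES is not set"
    fi
    # Any option still built as a module (=m) has to become =y or be dropped,
    # otherwise that hardware stops working once module support is removed.
    for opt in $(sed -n 's/^\(CONFIG_[A-Za-z0-9_]*\)=m$/\1/p' "$cfg"); do
        echo "FAIL $opt=m (driver not built in)"
        rc=1
    done
    return $rc
}

# Constructed sample: a modular firewall config with the two NIC drivers
# mentioned in the thread built as modules.
sample_config() {
    cat <<'EOF'
CONFIG_MODULES=y
CONFIG_KMOD=y
CONFIG_NET=y
CONFIG_EEPRO100=m
CONFIG_8139TOO=m
# CONFIG_NE2K_PCI is not set
EOF
}

# Demo run on the constructed sample.
tmp=$(mktemp)
sample_config > "$tmp"
audit_kconfig "$tmp" || echo "config does not meet the static-kernel policy"
rm -f "$tmp"
```
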


