Re: Kernel security advice
On Thu, Feb 17, 2005 at 07:51:13PM -0800, JM wrote:
> * Besides grsecurity patch, pax etc...What other recommendations are there
> to patch a kernel on a woody or sarge production server?
I like using non-modular kernels to prevent LKMs
> * Any experiences/opinions with the debian-hardened kernels?
I haven't used debian-specific hardened kernels, but have used generic
kernels, patched, with debian
I've used LIDS and grsecurity with some success. LIDS has easy to
configure ACLs (grsecurity ones are more complex but appear to offer a
few extra features. However, I've only just started looking at the grsec
ACLs). There is some good starter guides on ACLs under LIDS, but I have
yet to find a quick start for grsec, although I believe the author is
working on one.
The grsec team have released an up-to-date kernel patch for the latest
kernels (which block the uselib() exploit), but LIDS have yet to release
They both can block LKM and other kinds of root kits with minimal
configuration, which won't necessarily prevent root exploits, but will
stop attackers hiding them.
Here's a paper that might be worth a look:
> -JM. ?Estos d?as azules y este sol de la infancia ?(Antonio Machado-1939)
> To UNSUBSCRIBE, email to debian-security-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact firstname.lastname@example.org