[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Kernel security advice

On Sat, 19 Feb 2005 campbellm@cia.com.au wrote:

> On Fri, Feb 18, 2005 at 08:11:28AM -0500, Michael Stone wrote:
> > On Fri, Feb 18, 2005 at 05:07:40PM +1100, campbellm@cia.com.au wrote:
> > >I like using non-modular kernels to prevent LKMs
> > 
> > Of course, running a non-modular kernel doesn't prevent kernel rootkits. 
> yes - and I have been the victim of one of these (the 'suckit' rootkit).
> But at least using non-modular kernels prevents one class of attacks...

other (secure) kernel options ..


	some are too much for me to understand its benefits
	vs running generically

- i usually also install libsafe in some attempt to prevent buffer
  overflow of apps ( if that works as advertised )

- i usually take 1 min to patch the generic kernel with openwall

- i usually turn on all the security options at the end of the 
	"make xconfig"
	/tmp, /proc, ..

- i usually change kernel params for syncookies

- do more network, system and suser hardening which i think is more 
  important than the kernel security tweeking(addon) options ?

- endless list of hardening .. how much is good enough ??

- if it's simple to understand and takes "30 seconds" to implement,
  it'd be a good thing to do

c ya

Reply to: