Re: Kernel security advice
On Sat, 19 Feb 2005 firstname.lastname@example.org wrote:
> On Fri, Feb 18, 2005 at 08:11:28AM -0500, Michael Stone wrote:
> > On Fri, Feb 18, 2005 at 05:07:40PM +1100, email@example.com wrote:
> > >I like using non-modular kernels to prevent LKMs
> > Of course, running a non-modular kernel doesn't prevent kernel rootkits.
> yes - and I have been the victim of one of these (the 'suckit' rootkit).
> But at least using non-modular kernels prevents one class of attacks...
other (secure) kernel options ..
some are too much for me to understand its benefits
vs running generically
- i usually also install libsafe in some attempt to prevent buffer
overflow of apps ( if that works as advertised )
- i usually take 1 min to patch the generic kernel with openwall
- i usually turn on all the security options at the end of the
/tmp, /proc, ..
- i usually change kernel params for syncookies
- do more network, system and suser hardening which i think is more
important than the kernel security tweeking(addon) options ?
- endless list of hardening .. how much is good enough ??
- if it's simple to understand and takes "30 seconds" to implement,
it'd be a good thing to do