Kernel w/o loadable mods, for security?

John (EBo) David plug-discuss@lists.PLUG.phoenix.az.us
Sat, 28 Jul 2001 05:32:21 -0700


foodog wrote:
> 
> I'm putting the finishing touches on a mail server.  Once it's done,
> I'll never get to touch it again unless the hardware catches fire (it
> may get a day or two off next June).
> 
> It's looking like a good idea to build a newer kernel to get really
> happy reiserfs.  I'm considering leaving out support for loadable
> modules to make things inconvenient for the hypothetical cracker who may
> try to homestead on it.  Kmod rootkits are high on my nightmare list.

homestead?  I am not aware of this term in this context.  Where can I
read about the Kmod rootkits -- as if I needed more cause for worry...

> Can someone suggest a good way to determine what to include in a
> monolithic kernel?  Any thoughts about no loadable modules as a security
> measure?

This is outside of my expertise, but I would polish a server down to
what I both need and would reasonably expect to set up in the future, and
then recompile the kernel in the same configuration just without module
support.

If I was running a real mail server (for more than just myself and a
couple of friends) I would be REALLY tempted to set up an old small
machine with the same configuration that I could do developmental
upgrades on to test...

  EBo --
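
The "same configuration, just without module support" step above, as an added example that is not part of the original post: a shell function that rewrites a kernel .config so that CONFIG_MODULES is off and every `=m` option is either built in (`=y`) or dropped. The keep-list file, the function names and the sample .config are constructed for illustration; the result should still be passed through `make oldconfig` before building.

```shell
#!/bin/sh
# Usage: monolithic_config KEEPFILE < .config > .config.new
# KEEPFILE (hypothetical name) lists one CONFIG_ symbol per line: the
# drivers/filesystems this server needs now or is expected to need later.
monolithic_config() {
    awk -v keepfile="$1" '
        BEGIN {
            # Load the keep-list; a missing or empty file keeps nothing.
            while ((getline line < keepfile) > 0) {
                gsub(/[ \t\r]/, "", line)
                if (line != "") keep[line] = 1
            }
        }
        # Turn off loadable module support itself.
        /^CONFIG_MODULES=/ { print "# CONFIG_MODULES is not set"; next }
        # Every modular option must become built-in or disabled.
        /^CONFIG_[A-Za-z0-9_]+=m$/ {
            sym = $0
            sub(/=m$/, "", sym)
            if (sym in keep) print sym "=y"
            else             print "# " sym " is not set"
            next
        }
        # Built-in options, disabled options and comments pass through.
        { print }
    '
}

# Constructed sample: a small modular .config and a keep-list for a mail
# server that needs reiserfs and one network driver, but not PPP.
demo() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' CONFIG_REISERFS_FS CONFIG_EEPRO100 > "$tmp/keep"
    monolithic_config "$tmp/keep" <<'EOF'
CONFIG_MODULES=y
CONFIG_EXT2_FS=y
CONFIG_REISERFS_FS=m
CONFIG_EEPRO100=m
CONFIG_PPP=m
# CONFIG_SOUND is not set
EOF
    rm -rf "$tmp"
}

demo
```

Anything left out of the keep-list is disabled rather than built in, so the keep-list is where the "what to include" decision is recorded.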