> Interesting magazine - this month has a number of articles that I
> thought were interesting but this one caught my attention. Suggests that
> the day of the rootkit and 'poisoned' ls, ps etc. is/will be replaced
> with kernel modules that at the kernel level, can evade detection by
> typical security tools such as tripwire and at kernel level, can scrub
> itself from processes showing in things like top and ps.
>
> Seems as though the stakes of security administration are rising above
> and beyond the merely intelligent.

NetBSD has a cool feature called "verified exec" where fingerprints of
executables are loaded into the kernel and BSD security level is used so
that they can't be changed (unless system is rebooted). The hashes are compared
before execution to prevent trojans.

http://netbsd.gw.com/cgi-bin/man-cgi?veriexecctl++NetBSD-2.0
http://netbsd.gw.com/cgi-bin/man-cgi?verifiedexec++NetBSD-2.0

Also, NetBSD has verification of allowed script interpreters before use.

Jeremy C. Reed
BSD News, BSD tutorials, BSD links
http://www.bsdnewsletter.com/
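
The mechanism described in the reply above, as an added user-space model that is not part of the original post and is not NetBSD's code: fingerprints are loaded, the table is locked, and each exec is checked against it, including a script's interpreter. The class and function names are hypothetical, SHA-256 is an assumed hash (the post does not name one), and the files are constructed samples.

```python
import hashlib
import os
import tempfile

def _digest(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def _interpreter(path):
    """Return the #! interpreter of a script, or None for a non-script."""
    with open(path, "rb") as f:
        first = f.readline(256)
    parts = first[2:].split() if first.startswith(b"#!") else []
    return parts[0].decode() if parts else None

class FingerprintTable:
    """Hypothetical model: path -> digest, immutable once locked."""
    def __init__(self):
        self._table, self._locked = {}, False

    def load(self, path):
        if self._locked:  # models the raised security level
            raise PermissionError("fingerprint table is locked until reboot")
        self._table[os.path.realpath(path)] = _digest(path)

    def lock(self):
        self._locked = True

    def _matches(self, path):
        path = os.path.realpath(path)
        return path in self._table and _digest(path) == self._table[path]

    def may_exec(self, path):
        if not self._matches(path):
            return False
        # A script is only as trustworthy as the interpreter that runs it.
        interp = _interpreter(path)
        return interp is None or self._matches(interp)

def demo():
    with tempfile.TemporaryDirectory() as d:
        interp, script, other = (os.path.join(d, n)
                                 for n in ("interp", "script", "other"))
        for p, data in ((interp, b"\x7fELF constructed"),
                        (other, b"unlisted"),
                        (script, b"#!" + interp.encode() + b"\necho hi\n")):
            with open(p, "wb") as f:
                f.write(data)
        table = FingerprintTable()
        table.load(interp)
        table.load(script)
        table.lock()
        before = (table.may_exec(script), table.may_exec(other))
        try:
            table.load(other)
            reload_ok = True
        except PermissionError:
            reload_ok = False
        with open(interp, "ab") as f:  # interpreter modified after loading
            f.write(b"trojan")
        return before, reload_ok, (table.may_exec(interp), table.may_exec(script))
```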