
Re: Kernel security advice




On Sat, 19 Feb 2005 campbellm@cia.com.au wrote:

> On Fri, Feb 18, 2005 at 08:11:28AM -0500, Michael Stone wrote:
> > On Fri, Feb 18, 2005 at 05:07:40PM +1100, campbellm@cia.com.au wrote:
> > >I like using non-modular kernels to prevent LKMs
> > 
> > Of course, running a non-modular kernel doesn't prevent kernel rootkits. 
> 
> yes - and I have been the victim of one of these (the 'suckit' rootkit).
> But at least using non-modular kernels prevents one class of attacks...

other (secure) kernel options ..

	http://Linux-Sec.net/Kernel

	some are too much for me to understand its benefits
	vs running generically

- i usually also install libsafe in some attempt to prevent buffer
  overflow of apps ( if that works as advertised )

- i usually take 1 min to patch the generic kernel with openwall

- i usually turn on all the security options at the end of the 
	"make xconfig"
	/tmp, /proc, ..

- i usually change kernel params for syncookies

- do more network, system and suser hardening which i think is more 
  important than the kernel security tweaking(addon) options ?

- endless list of hardening .. how much is good enough ??

- if it's simple to understand and takes "30 seconds" to implement,
  it'd be a good thing to do

c ya
alvin
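
An added example, not part of the original message: a small audit of two settings named in the thread, whether the kernel is modular (CONFIG_MODULES) and whether syncookies are both compiled in (CONFIG_SYN_COOKIES) and switched on at runtime. The function names and the constructed sample files are assumptions; on a live host the inputs would normally be /boot/config-$(uname -r) and /proc/sys/net/ipv4/tcp_syncookies.

```sh
#!/bin/sh
# Added example, not from the thread. Paths are passed in as arguments so the
# audit can be run against constructed files as well as a live host.

# kconfig_state FILE SYMBOL: print y, m or n.
# A disabled symbol is written "# SYMBOL is not set" or is simply absent.
kconfig_state() {
    state=$(sed -n "s/^$2=\([ym]\)\$/\1/p" "$1" | head -n 1)
    echo "${state:-n}"
}

# audit_kernel CONFIG_FILE SYNCOOKIES_FILE: print one WARN line per finding.
audit_kernel() {
    # A modular kernel leaves the LKM route open. A non-modular kernel closes
    # only that one class of attack, as the thread points out.
    if [ "$(kconfig_state "$1" CONFIG_MODULES)" != n ]; then
        echo "WARN modules: CONFIG_MODULES is enabled, LKMs can be loaded"
    fi
    # Without CONFIG_SYN_COOKIES the tcp_syncookies sysctl does not exist.
    if [ "$(kconfig_state "$1" CONFIG_SYN_COOKIES)" != y ]; then
        echo "WARN syncookies: CONFIG_SYN_COOKIES is not built in"
    elif [ ! -r "$2" ] || [ "$(cat "$2")" = 0 ]; then
        echo "WARN syncookies: built in but not enabled at runtime"
    fi
    return 0
}

# Constructed sample input: a modular kernel with syncookies compiled in but
# left switched off at runtime.
demo_dir=$(mktemp -d)
cat > "$demo_dir/config" <<'EOF'
CONFIG_MODULES=y
CONFIG_SYN_COOKIES=y
# CONFIG_SECURITY is not set
EOF
echo 0 > "$demo_dir/tcp_syncookies"
audit_kernel "$demo_dir/config" "$demo_dir/tcp_syncookies"
rm -rf "$demo_dir"
```

The runtime finding is cleared with "sysctl -w net.ipv4.tcp_syncookies=1", made persistent in /etc/sysctl.conf.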


