i know this will probably start a religious debate, but if at all possible, i disable the use of LKMs for kernels on bastion hosts. what are the chances that any LKM developed for security will also have the ability to be compiled into the kernel? if not, we've hacked modutils to only load specific modules and give a generic, innocent syslog message if/when somebody tries to load a 'non-registered' module. of course, this is primarily 'security by obscurity.' another idea is, as kurt mentions, the ability to "turn off" modules after boot. thoughts?

- brett
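
An audit for the two ideas in the post above, added here as an example and not the poster's modutils patch: it lists loaded modules that are missing from an allowlist and reports whether module loading has been switched off after boot. Current Linux kernels expose that switch as the one-way `kernel.modules_disabled` sysctl; the allowlist file format and the function names are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example, not the poster's modutils patch. The allowlist format (one
# module name per line, '#' comments) is an assumption made for this sketch.

# unregistered_modules ALLOWLIST [MODULES]
# Prints each loaded module (field 1 of /proc/modules format) that is not on
# the allowlist. '-' and '_' are treated alike, as the kernel reports '_'.
unregistered_modules() {
    awk 'FILENAME == ARGV[1] {
             sub(/#.*/, "")                  # strip comments
             if (NF) { n = $1; gsub(/-/, "_", n); ok[n] = 1 }
             next
         }
         NF && !($1 in ok) { print $1 }' "$1" "${2:-/proc/modules}"
}

# modules_locked [FILE]
# Succeeds when kernel.modules_disabled is 1, i.e. loading is off until reboot.
modules_locked() {
    f=${1:-/proc/sys/kernel/modules_disabled}
    [ -r "$f" ] && [ "$(cat "$f")" = "1" ]
}

# audit ALLOWLIST [MODULES] [SYSCTL_FILE]: one-line summary for a cron job.
audit() {
    extra=$(unregistered_modules "$1" "${2:-/proc/modules}" | tr '\n' ' ')
    if modules_locked "${3:-/proc/sys/kernel/modules_disabled}"; then
        state=locked
    else
        state=open
    fi
    echo "loading=$state unregistered=${extra% }"
}

# Constructed sample data standing in for the real /proc files.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '# bastion allowlist' 'ext3' 'ip-tables   # firewall' > "$d/allow"
    printf '%s\n' 'ext3 123456 1 - Live 0x0' 'ip_tables 20480 0 - Live 0x0' \
                  'mystery_mod 16384 0 - Live 0x0' > "$d/modules"
    echo 0 > "$d/disabled"
    audit "$d/allow" "$d/modules" "$d/disabled"
    rm -rf "$d"
}
demo
```

On a live host, call `audit /path/to/allowlist` with no further arguments to read the real `/proc` files. A module that hides itself from `/proc/modules` will not appear in this report, so the lock state is the stronger of the two signals.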
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:15:30 PDT