That was my original thought, but with something like a honeypot I wouldn't want to just turn off lsmod, since that would be a way to tell that the system was abnormal and perhaps fingerprint the system for what it is. -Titus On Thu, 14 Jun 2001, Chris Wright wrote: > * Titus D. Winters (titusat_private) wrote: > > Can I get a feel for the idea of having a hook that will govern letting a > > module be detected? I can imagine there are some securiyt modules (mine > > for example) that would rather not broadcast their existence via someone > > running lsmod. I think I know where to add it already. > > I'd feel better about letting vfs hooks handle /proc/modules and placing > a generic query hook in sys_query_modules. this would simply allow you > to turn on/off lsmod altogether. checking each module in a read of > /proc/modules or sys_query_modules seems too specific. > > -chris > > _______________________________________________ > linux-security-module mailing list > linux-security-moduleat_private > http://mail.wirex.com/mailman/listinfo/linux-security-module > _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Thu Jun 14 2001 - 16:24:29 PDT