Hi All During looking through security rpm's i' ve found a kernel module named "secumod" made by "SuSE Linux AG". But i cant find any documentation or explanation about it. What it is need for? Or where can i find any docs? Thnx Best regards, Maxim Cherniavsky MTU-Intel, Internet Department mailto:maxim@mtu.ru
During looking through security rpm's i' ve found a kernel module named "secumod" made by "SuSE Linux AG". But i cant find any documentation or explanation >about it. What it is need for? Or where can i find any docs?
did u try your favourite searchengine on this? there is a bazillion hits for it just an example http://old.lwn.net/1999/1202/a/susetools.html
how about this: /usr/share/doc/packages/secumod
I dont like to install securiry package before understanding well, what it
comes for :)
I think "/usr/share/doc/packages/blablabla" apears only after installation
of the package? Maybe i'm wrong?
----- Original Message -----
From: "Andreas Bittner"
how about this:
/usr/share/doc/packages/secumod
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
why are you giving yourself such a hard time. just extract the files within the rpm, there is the docs http://rpmfind.rediris.es/rpm2html/suse-8.2/secumod-1.6e-91.i586.html
http://rpmfind.rediris.es/rpm2html/suse-8.2/secumod-1.6e-91.i586.html
Nice description, but as far, as I know this kernelmodule does following. The system is been protected by disallowing several things - 'texec' : TPE protection (more on this later) - 'procfs' : procfs protection - 'hardlink' : hardlink create protection - 'symlink' : symlink follow protection - 'rawdisk' : rawdisk protection - 'pipe' : Pipe (FIFO) protection - 'trace' : process trace protection - 'systable' : syscall table checking - 'logging' : if you want logging, turn this on - 'persist' : by default this is set to 0, so the module can be unloaded, but you may set it to 1 to make it unremovable - 'capbits' : set the capbits value. You have to supply a certain mode for the capbits variable. Hardlink/symlinkprotection protects the system from making this links for users. Persist sets a capability that the module cannot be unloaded. Capbits are kernelbits, that define certain rights even for root - in normal case root could do allmost anything. Like in all cases you have to know, what you do, because with that module loaded some processes will not have the full rights they need. For example I tried a /proc protection module and hotplug freezed after that (not funny). There is no real desription of anything reguarding that module and I don't know, which bits to set and which not! Another thing is the opensource thing within that modules, because you can only use them on SuSE (with some disadvantages you can use the firewallscript on Debian and Red Hat). It is allways a nice thing to make more a secret of a thing, than describing, how it works. Philippe
I've tried google and suse.com, no rational hits :)
"SuSE Secumod - This loadable kernel module enhances the security of the
system "
It comes from the name of the package, but where details? :)
----- Original Message -----
From: "Andreas Bittner"
During looking through security rpm's i' ve found a kernel module named "secumod" made by "SuSE Linux AG". But i cant find any documentation or explanation >about it. What it is need for? Or where can i find any docs?
did u try your favourite searchengine on this? there is a bazillion hits for it just an example http://old.lwn.net/1999/1202/a/susetools.html
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
participants (3)
-
Andreas Bittner
-
Maxim Cherniavsky
-
Philippe Vogel