Mailinglist Archive: opensuse-security (195 mails)

Re: [suse-security] Antwort: Re: [suse-security] firewall-script doesn't start
  • From: Rainer Link <link@xxxxxxxxxxxxxxxxxxxx>
  • Date: Wed, 22 Mar 2000 12:48:11 +0100
  • Message-id: <38D8B2FB.5D773A16@xxxxxxxxxxxxxxxxxxxx>
kai.krebber@xxxxxxxxx wrote:

> >>Does the SuSE-fw need a modular kernel?
> >Yes, you may want to rebuild your kernel
> >to load the appropriate modules, unless
> >you want to modify the firewall script in init.d.
Well, as I do not use the SuSE fw script, I cannot comment on it.

> O.K. - Then I will completely renounce the SuSE-firewall-script. The literature
> says that it's not a good idea, having a module-enabled kernel on a firewall and
> this attitude makes sense to me.
Well, in general I agree with you. But afaik the masq stuff (i.e.
ip_masq_ftp) works only as modules. If you are concerned about malicious
modules (1), you may use SecuMod (2) or LIDS (3). It prevents an
intruder from loading any modules after i.e. LIDS is sealed.

(1) malicious code can also be inserted into the kernel via runtime kernel
patching. A paper including a sample implementation describes this for
2.0.x kernels.

(2) imho SecuMod comes with SuSE >= 6.3
(3) Linux Intrusion Detection System (LIDS): www.lids.org or
www.de.lids.org. I was working on a SuSE-LIDS-HowTo (including some
patches to the boot scripts, which are needed due to the LIDS concept),
but it isn't yet finished and not publicly available.

HTH

cu, Rainer
--
Member of Virus Help Munich (www.vhm.haitec.de) | Rainer Link
Member of AMaViS Development Team (amavis.org) | rainer@xxxxx
Maintainer FAQ "antivirus for Linux" (av-linux.w3.to) | rainer.w3.to
