Roman Drahtmueller wrote:
Experimenting with a firewall I compiled a monolithic kernel with masquerading and without loadable module support so as to make it
Removing loadable module support from the kernel doesn't really improve the security of the host for two reasons:
1) An attacker could easily install a kit'ed kernel and wait for its boot, regardless of whether kmod is configured or not.
Of course, to be secure (in this case after a break-in) it would not be the only measure taken. Tripwire, for one, takes care of detecting changes to files. This does not work for files that have an unexamined name, like a loadable module that is listed as whoeverreadsthisisastupidsomething. But /etc/lilo.conf and /boot/vmlinuz would be two of them. Also, the kernel would be made on another machine. A compiler would not even be present. And if modprobe is out, how about insmod: does this work from any directory, or only from /lib/modules?
2) If you did configure loadable module support into the kernel, an attacker must be root to put the module in place or even load it. If this is the case, then go to 1).
Obtaining root rights is the first goal, keeping them the second, and nosing around on the disk and network the third. Installing a DoS slave is another. The first line of defense is not getting cracked; the second line is early detection and lessening the damage by hardening the lot.
With the exception of cryptographic methods (-> key length), increasing the attack difficulty level (also with regard to time expense) doesn't contribute much to security.
I cannot see the reasoning for this statement; to me, increasing the difficulty means that the number of people who have the time, means and motivation to crack my system decreases steeply, which increases the security, or should we say integrity, of the system.

BB, Arjen
--
Sell what you use, use what you sell.
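As an added example (not part of this thread, and not Tripwire's own code), here is a minimal shell version of the integrity check Arjen describes: take a hash baseline of the few files an attacker would have to touch to plant a replacement kernel (/etc/lilo.conf, /boot/vmlinuz) and re-check them later. The file names and contents used in the demo are constructed in a temporary directory so the script runs without touching the real system; the function names are this example's own.

```shell
#!/bin/sh
# Added example: a tiny Tripwire-style baseline for boot-critical files.
# Not from the original post; paths and sample contents below are constructed.

# Print the SHA-256 of one file (sha256sum on Linux, shasum elsewhere).
hash_file() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# make_baseline BASELINE_FILE file...
# Record "hash  path" for every listed file. Keep the baseline off-box
# (or on read-only media); a root-level intruder can rewrite it otherwise.
make_baseline() {
    baseline=$1; shift
    : > "$baseline"
    for f in "$@"; do
        printf '%s  %s\n' "$(hash_file "$f")" "$f" >> "$baseline"
    done
}

# check_baseline BASELINE_FILE
# Re-hash every recorded path. Prints "CHANGED path" or "MISSING path"
# for each deviation and returns 1 if anything deviated, 0 otherwise.
check_baseline() {
    baseline=$1
    rc=0
    while read -r hash path; do
        if [ ! -e "$path" ]; then
            echo "MISSING $path"
            rc=1
            continue
        fi
        if [ "$(hash_file "$path")" != "$hash" ]; then
            echo "CHANGED $path"
            rc=1
        fi
    done < "$baseline"
    return $rc
}

# Demo with constructed stand-ins for /etc/lilo.conf and /boot/vmlinuz.
demo() {
    T=$(mktemp -d)
    printf 'image=/boot/vmlinuz\n' > "$T/lilo.conf"
    printf 'pretend-kernel-bytes\n' > "$T/vmlinuz"
    make_baseline "$T/baseline" "$T/lilo.conf" "$T/vmlinuz"
    echo "clean check:"
    check_baseline "$T/baseline" && echo "  no changes"
    # Simulate the attacker pointing the boot loader at a replacement kernel.
    printf 'image=/boot/vmlinuz.kit\n' > "$T/lilo.conf"
    echo "after tampering:"
    check_baseline "$T/baseline" || echo "  deviation detected"
    rm -rf "$T"
}

demo
```

The check only catches edits to paths you enumerated, which is exactly the limitation raised in the thread: a module dropped under a name nobody baselined is invisible to it, so the list has to cover the boot path (loader config, kernel image, module directory) rather than a handful of obvious binaries.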