Mailinglist Archive: opensuse-security (334 mails)

Re: [suse-security] Secumod Kernel Module
  • From: "Philippe Vogel" <filiaap@xxxxxxxxxx>
  • Date: Sun, 21 Sep 2003 21:45:06 +0200
  • Message-id: <00f601c38078$dee7f440$52ef5b86@xxxxxxxxxxxxxxxxxx>
> http://rpmfind.rediris.es/rpm2html/suse-8.2/secumod-1.6e-91.i586.html

Nice description, but as far as I know this kernel module does the following.
The system is protected by disallowing several things:

- 'texec' : TPE protection (more on this later)

- 'procfs' : procfs protection

- 'hardlink' : hardlink create protection

- 'symlink' : symlink follow protection

- 'rawdisk' : rawdisk protection

- 'pipe' : Pipe (FIFO) protection

- 'trace' : process trace protection

- 'systable' : syscall table checking

- 'logging' : if you want logging, turn this on

- 'persist' : by default this is set to 0, so the module can be unloaded,
but you may set it to 1 to make it unremovable

- 'capbits' : set the capbits value. You have to supply a certain mode for
the capbits variable.

Hardlink/symlink protection protects the system from making these links for
users.
Persist sets a capability so that the module cannot be unloaded.
Capbits are kernel bits that define certain rights even for root - in the
normal case root could do almost anything.

As in all cases, you have to know what you are doing, because with that module
loaded some processes will not have the full rights they need.
For example I tried a /proc protection module and hotplug froze after that
(not funny).
There is no real description of anything regarding that module and I don't
know which bits to set and which not!

Another thing is the open source thing within those modules, because you can
only use them on SuSE (with some disadvantages you can use the
firewall script on Debian and Red Hat).

It is always a nice thing to make more of a secret of a thing than
describing how it works.

Philippe


