http://rpmfind.rediris.es/rpm2html/suse-8.2/secumod-1.6e-91.i586.html
Nice description, but as far, as I know this kernelmodule does following. The system is been protected by disallowing several things - 'texec' : TPE protection (more on this later) - 'procfs' : procfs protection - 'hardlink' : hardlink create protection - 'symlink' : symlink follow protection - 'rawdisk' : rawdisk protection - 'pipe' : Pipe (FIFO) protection - 'trace' : process trace protection - 'systable' : syscall table checking - 'logging' : if you want logging, turn this on - 'persist' : by default this is set to 0, so the module can be unloaded, but you may set it to 1 to make it unremovable - 'capbits' : set the capbits value. You have to supply a certain mode for the capbits variable. Hardlink/symlinkprotection protects the system from making this links for users. Persist sets a capability that the module cannot be unloaded. Capbits are kernelbits, that define certain rights even for root - in normal case root could do allmost anything. Like in all cases you have to know, what you do, because with that module loaded some processes will not have the full rights they need. For example I tried a /proc protection module and hotplug freezed after that (not funny). There is no real desription of anything reguarding that module and I don't know, which bits to set and which not! Another thing is the opensource thing within that modules, because you can only use them on SuSE (with some disadvantages you can use the firewallscript on Debian and Red Hat). It is allways a nice thing to make more a secret of a thing, than describing, how it works. Philippe