|
|
Sponsored Content
Special Forums
Cybersecurity
Linux kernel Security
Post 302461036 by remi75 on Friday 8th of October 2010 09:23:19 AM
10-08-2010
Quote:
Hey Folks,
What are the ways we can provide security to kernels.
How can I make my Kernel Unique and not allow anyone to replace my Unique kernel with a standard one.
How can i implement measures to avoid any user to replace or modify GRUB and Kernel...?
Need help on this
Thank you
What are the ways we can provide security to kernels.
How can I make my Kernel Unique and not allow anyone to replace my Unique kernel with a standard one.
How can i implement measures to avoid any user to replace or modify GRUB and Kernel...?
Need help on this
Thank you
replace a kernel and/or grub cannot be done by a non root user .
If you mean phisically ... like when stiking the drive on another machine ...
you can have kenel/boot loader on a ReadOnly media :
usb card/stick , dvd/ cdrom / even a floppy ... (that you make readOnly
)plus you can install tripwire so you get alerted whenever some tryes to
and for a mega paranoids : do not even enable module loading
because actually root-kits are modules or some rootkits are if i remember ,so IF you can , because some drivers cant be inside the kernel , compile all the necessary drivers statically in the kernel .
as a bonus, you kernel will be faster
but dont forget , if u need some option / or driver, you will have to compile a whole new kernel that will include your new things .
so its long to prepare , but fast and secure to use (relatively)
another funny one, if u need your .config, print it and put it in a safe,
and disable it in the kernel too, otherwise it will be readable thru /proc/something i think ,
and if you are courageous, change the version number manually
so ; there will be no information about your kernel version, and how it was compiled.
From there ... there is therotically now way to break into your kernel .
Last edited by remi75; 10-08-2010 at 10:57 AM..
|
|
LEARN ABOUT SUNOS
bscv
bscv(7D) Devices bscv(7D) NAME
bscv, bscbus, i2bsc - Blade support chip interface driver DESCRIPTION
The bscv, bscbus and i2bsc drivers interface with the Blade support chip used on Sun Microsystem's Blade server products. These drivers provide a conduit for passing control, environmental, cpu signature and event information between Solaris and the Blade support chip. These drivers do not export public interfaces. Instead they make information available via picl, prtdiag, prtfru and related tools. In addition, these drivers log Blade support chip environmental event information into system logs. FILES
/platform/sun4u/kernel/drv/sparcv9/bscbus 64-bit ELF kernel driver /platform/sun4u/kernel/drv/sparcv9/bscv 64-bit ELF kernel driver /platform/sun4u/kernel/drv/sparcv9/i2bsc 64-bit ELF kernel driver /platform/i86pc/kernel/drv/bscbus 32-bit ELF kernel file (x86 only) /platform/i86pc/kernel/drv/bscv 32-bit ELF kernel file (x86 only) ATTRIBUTES
See attributes(5) for descriptions of the following attributes: +-----------------------------+-----------------------------+ |ATTRIBUTE TYPE |ATTRIBUTE VALUE | +-----------------------------+-----------------------------+ |Architecture |Limited to systems with | | |Blade Support Chip | +-----------------------------+-----------------------------+ |Availability |SUNWcar.u, SUNWcar.i | +-----------------------------+-----------------------------+ SunOS 5.10 22 August 2003 bscv(7D)