Full Discussion: Linux kernel Security
Special Forums Cybersecurity Linux kernel Security Post 302461036 by remi75 on Friday 8th of October 2010 09:23:19 AM
Old 10-08-2010
Quote:
Originally Posted by Vabiosis
Hey Folks,

What are the ways we can provide security to kernels?

How can I make my Kernel Unique and not allow anyone to replace my Unique kernel with a standard one.

How can I implement measures to prevent any user from replacing or modifying GRUB and the kernel...?

Need help on this
Thank you
Yup, recompile the kernel, and if you can (know how, or learn), disable ALL that is not necessary ... for example (really just an example): if you won't use iptables, disable IP filtering ... same with hardware drivers etc. ... no RAID card, disable RAID drivers ...

Replacing a kernel and/or GRUB cannot be done by a non-root user.

If you mean physically ... like when sticking the drive in another machine ...
you can have the kernel/boot loader on read-only media:

a USB card/stick, DVD/CD-ROM, even a floppy ... (that you make read-only)

Plus you can install Tripwire so you get alerted whenever someone tries to ...

And for the mega-paranoid: do not even enable module loading, because actually rootkits are modules, or some rootkits are if I remember,
so IF you can (because some drivers can't be inside the kernel), compile all the necessary drivers statically into the kernel.

As a bonus, your kernel will be faster.

But don't forget, if you need some option or driver, you will have to compile a whole new kernel that will include your new things.

So it's long to prepare, but fast and secure to use (relatively).

Another funny one: if you need your .config, print it and put it in a safe,
and disable it in the kernel too, otherwise it will be readable through /proc/something I think,
and if you are courageous, change the version number manually,
so there will be no information about your kernel version and how it was compiled.
From there ... there is theoretically no way to break into your kernel.

Last edited by remi75; 10-08-2010 at 10:57 AM..
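
An added example, not part of remi75's post: a small Python check that reads a kernel `.config` and flags the three things the reply talks about (module loading enabled, drivers built as modules, and the config exposed under /proc). `CONFIG_MODULES` and `CONFIG_IKCONFIG_PROC` are the mainline Kconfig symbols for module support and `/proc/config.gz`; the sample config and the function names are constructed for illustration.

```python
import re

# Constructed sample .config fragment (not taken from any real system).
SAMPLE_CONFIG = """\
CONFIG_LOCALVERSION=""
CONFIG_IKCONFIG=y
CONFIG_IKCONFIG_PROC=y
CONFIG_MODULES=y
CONFIG_MODULE_UNLOAD=y
CONFIG_NETFILTER=y
CONFIG_IP_NF_IPTABLES=m
# CONFIG_MD is not set
CONFIG_E1000=m
CONFIG_EXT4_FS=y
"""

SET_RE = re.compile(r"^(CONFIG_\w+)=(.*)$")
UNSET_RE = re.compile(r"^# (CONFIG_\w+) is not set$")

def parse_kconfig(text):
    """Return {option: value}; options marked 'is not set' map to 'n'."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        m = SET_RE.match(line)
        if m:
            opts[m.group(1)] = m.group(2).strip('"')
            continue
        m = UNSET_RE.match(line)
        if m:
            opts[m.group(1)] = "n"
    return opts

def audit(opts):
    """List findings for the points raised in the post above."""
    findings = []
    if opts.get("CONFIG_MODULES", "n") == "y":
        findings.append("CONFIG_MODULES=y: loadable module support is enabled")
    as_modules = sorted(k for k, v in opts.items() if v == "m")
    if as_modules:
        findings.append("built as modules (make =y or drop): " + ", ".join(as_modules))
    if opts.get("CONFIG_IKCONFIG_PROC", "n") == "y":
        findings.append("CONFIG_IKCONFIG_PROC=y: .config readable via /proc/config.gz")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_kconfig(SAMPLE_CONFIG)):
        print("FINDING:", finding)
```

To check a real build, pass the contents of the `.config` in the kernel source tree to `parse_kconfig()` before compiling.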
 