Linux kernel Security


 
# 1  
Old 04-13-2010
Linux kernel Security

Hey Folks,

What are the ways we can provide security to kernels?

How can I make my kernel unique and not allow anyone to replace my unique kernel with a standard one?

How can I implement measures to prevent any user from replacing or modifying GRUB and the kernel?

Need help on this.
Thank you
# 2  
Old 06-30-2010
Your best option would be to compile your own kernel.

Failing the know-how to do that, I would pay someone to do it for you.
# 3  
Old 10-08-2010
Quote:
Originally Posted by Vabiosis
Hey Folks,

What are the ways we can provide security to kernels?

How can I make my kernel unique and not allow anyone to replace my unique kernel with a standard one?

How can I implement measures to prevent any user from replacing or modifying GRUB and the kernel?

Need help on this.
Thank you
Yup, recompile the kernel, and if you can / know how / or learn, disable ALL that is not necessary ... for example (really just an example): if you won't use iptables, disable IP filtering ... same with hardware drivers etc. ... no RAID card, disable RAID drivers ...

Replacing a kernel and/or GRUB cannot be done by a non-root user.

If you mean physically ... like when sticking the drive in another machine ...
you can have the kernel/boot loader on read-only media:

USB card/stick, DVD/CD-ROM, even a floppy ... (that you make read-only)

Plus you can install Tripwire so you get alerted whenever someone tries to.

And for the mega paranoid: do not even enable module loading, because actually rootkits are modules, or some rootkits are if I remember,
so IF you can (because some drivers can't be inside the kernel), compile all the necessary drivers statically into the kernel.

As a bonus, your kernel will be faster.

But don't forget, if you need some option or driver, you will have to compile a whole new kernel that will include your new things.

So it's long to prepare, but fast and secure to use (relatively).

Another funny one: if you need your .config, print it and put it in a safe,
and disable it in the kernel too, otherwise it will be readable through /proc/something I think,
and if you are courageous, change the version number manually,
so there will be no information about your kernel version and how it was compiled.
From there ... there is theoretically no way to break into your kernel.

Last edited by remi75; 10-08-2010 at 10:57 AM..
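
An added example, not part of any post in this thread: a small audit of a kernel build config for the choices post #3 describes (module loading off, drivers built in, config not exposed under /proc). `CONFIG_MODULES` and `CONFIG_IKCONFIG_PROC` are the real kernel options for module loading and /proc/config.gz; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). The sample config below is constructed.

# Print y, m or n for one option. Unset options appear in .config as
# "# CONFIG_X is not set" or are absent, so anything but =y/=m counts as n.
opt_state() {
    state=$(sed -n "s/^$1=\([ym]\)\$/\1/p" "$2" | tail -n 1)
    printf '%s\n' "${state:-n}"
}

# List every option built as a loadable module (=m). These must become =y
# (or be dropped) before CONFIG_MODULES can be turned off.
modular_options() {
    sed -n 's/^\(CONFIG_[A-Za-z0-9_]*\)=m$/\1/p' "$1"
}

# One finding per line; prints nothing when the config matches the advice.
audit_kconfig() {
    [ "$(opt_state CONFIG_MODULES "$1")" = n ] ||
        echo "CONFIG_MODULES enabled: module loading is possible"
    [ "$(opt_state CONFIG_IKCONFIG_PROC "$1")" = n ] ||
        echo "CONFIG_IKCONFIG_PROC enabled: config readable at /proc/config.gz"
    for opt in $(modular_options "$1"); do
        echo "$opt built as module: build in (=y) or remove"
    done
    return 0
}

# Constructed sample input: a typical distro-style config fragment.
SAMPLE_CONFIG=$(mktemp)
trap 'rm -f "$SAMPLE_CONFIG"' EXIT
cat > "$SAMPLE_CONFIG" <<'EOF'
CONFIG_MODULES=y
CONFIG_IKCONFIG=y
CONFIG_IKCONFIG_PROC=y
CONFIG_EXT4_FS=y
CONFIG_E1000=m
CONFIG_MD_RAID456=m
# CONFIG_NETFILTER is not set
EOF

audit_kconfig "$SAMPLE_CONFIG"
```

Point `audit_kconfig` at the `.config` in your kernel source tree before building; an empty result means no module support, no built-as-module drivers and no /proc/config.gz.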
# 4  
Old 11-08-2010
I try not to compile all the drivers into the kernel; depending on the number of drivers, it could end up making the kernel slower.

Not to mention if you have any proprietary drivers that have to be loaded as modules.

One thing you can look at is LIDS (Google it).

However, I haven't used it since back with the 2.2.* kernel and don't know how much the project has progressed.

In point form:

* Recompile kernel with everything you will need.
* Separate boot partition on read-only media.
* Encrypt and mount root read-only.
# 5  
Old 11-28-2010
Nice, thanks for the great information guys.
# 6  
Old 12-01-2010
Thanks for your great information.
# 7  
Old 12-01-2010
You should check out security-related kernel tunable parameters. Also focus on protecting the system. A monolithic kernel won't help much if someone roots your server.