On Sun, Dec 25, 2011 at 12:08:57PM +0000, Philipp Kern wrote:
> On 2011-12-25, Stephan Seitz <stse+deb...@fsing.rootsland.net> wrote:
> > All admins I know have at least some servers with custom kernels (in the
> > past it was said, to build your firewall/server kernels without module
> > support, so that no rootkit module could be loaded).
>
> No longer needed. See /proc/sys/kernel/modules_disabled.

That's not equivalent - an attacker that can load modules can also
remove the init script that sets this variable to 1 and reboot the
machine. For proper safeguarding you still want no module support in
the kernel at all.

regards,
iustin

Archive: http://lists.debian.org/20111226103810.ga1...@teal.hq.k1024.org
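
The distinction drawn in this thread, as an added example that is not part of the original messages: a shell check that tells a kernel built without module support apart from one that is only locked at runtime through `modules_disabled`, and lists the boot-time files the runtime lock depends on. The function names and the `root` prefix argument are hypothetical, and the example assumes the lock is applied through `sysctl.conf` or `sysctl.d` rather than a custom init script.

```shell
#!/bin/sh
# Added example: report how kernel module loading is restricted on a host.
# The optional "root" prefix is an assumption of this example so the check
# can be pointed at a constructed tree; empty means the live system.

module_posture() {
    root="${1:-}"
    knob="$root/proc/sys/kernel/modules_disabled"

    # Kernel built without CONFIG_MODULES: neither /proc/modules nor the
    # sysctl exists. This state does not depend on any boot-time script.
    if [ ! -e "$root/proc/modules" ] && [ ! -e "$knob" ]; then
        echo "no-module-support"
        return 0
    fi

    # Modular kernel: the sysctl is one-way (1 cannot be reset to 0 on a
    # running system), but it starts at 0 again on every boot.
    if [ -r "$knob" ] && [ "$(cat "$knob")" = "1" ]; then
        echo "runtime-locked"
    else
        echo "loadable"
    fi
}

# Print every sysctl configuration file that sets kernel.modules_disabled=1.
# These are the files the runtime lock depends on, so they are the ones to
# put under file-integrity monitoring.
lock_sources() {
    root="${1:-}"
    for f in "$root/etc/sysctl.conf" "$root"/etc/sysctl.d/*.conf; do
        if [ -f "$f" ] && grep -Eq \
            '^[[:space:]]*kernel\.modules_disabled[[:space:]]*=[[:space:]]*1' "$f"
        then
            echo "$f"
        fi
    done
    return 0
}

# Usage on the live system: module_posture; lock_sources
```

A result of `runtime-locked` with an empty `lock_sources` list means the lock was set by something this example does not look at, such as an init script writing the file directly.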