How to enable "Runtime module disabling" in Custom config?

Posted: Sat Jul 23, 2011 8:25 pm
by perlish
I thought "Runtime module disabling" is a cool feature to avoid LKM rootkits, but how can I enable it in Custom config?

Re: how to enable "Runtime module disabling" in Custom confi

Posted: Sat Jul 23, 2011 11:45 pm
by spender

Re: how to enable "Runtime module disabling" in Custom confi

Posted: Mon Jul 25, 2011 12:48 am
by perlish
modules_disabled can be set in rc.local or sysctl.conf.
Can we make sure that an LKM rootkit would have to load after modules_disabled is turned on?
If the hacker uses adore-ng to relink some modules, I guess adore-ng can load successfully.

Re: how to enable "Runtime module disabling" in Custom confi

Posted: Mon Jul 25, 2011 7:58 am
by spender
They can also modify the kernel to backdoor the system on the next reboot. The feature in mainline is essentially the same as the one I had: it only prevents loading modules after the point you specify, until a reboot. If being able to load modules at all is a problem, then just disable module support. Otherwise, you need to be using RBAC.

-Brad
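
An added example, not part of any post in this thread: a shell audit that reports whether `kernel.modules_disabled` is already in effect ("locked"), only configured to be applied later in boot ("pending", so modules can still load until then), or not set at all ("open"). The function names and status words are made up for this example, and the config search path is simplified to `/etc/sysctl.d/*.conf` followed by `/etc/sysctl.conf`.

```shell
#!/bin/sh
# Added example: audit kernel.modules_disabled (function names are hypothetical).
# File paths are parameters so the logic can be exercised without touching /proc.

# Print the last value assigned to kernel.modules_disabled in the given
# sysctl-style files (later files and later lines win); print nothing if unset.
configured_modules_disabled() {
    val=""
    for f in "$@"; do
        [ -r "$f" ] || continue
        v=$(awk -F= '
            /^[ \t]*[#;]/ { next }               # whole-line comments
            { k = $1; gsub(/[ \t]/, "", k)       # strip whitespace around key
              sub(/^-/, "", k)                   # "-key = value" form
              gsub("/", ".", k)                  # kernel/modules_disabled form
              if (k == "kernel.modules_disabled") {
                  x = $2; gsub(/[ \t]/, "", x); last = x
              } }
            END { if (last != "") print last }' "$f")
        if [ -n "$v" ]; then val=$v; fi
    done
    printf '%s' "$val"
}

# Classify the host:
#   locked  - runtime value is 1: no further module loads until reboot
#   pending - runtime is 0 but config sets 1: a load window still exists
#   open    - neither runtime nor config disables module loading
#   unknown - the runtime file could not be read
modules_disabled_status() {
    proc_file=$1; shift
    runtime=$(cat "$proc_file" 2>/dev/null || echo unknown)
    conf=$(configured_modules_disabled "$@")
    if [ "$runtime" = unknown ]; then echo unknown
    elif [ "$runtime" = 1 ]; then echo locked
    elif [ "$conf" = 1 ]; then echo pending
    else echo open
    fi
}

# Stand-alone use on a live system (simplified search path, an assumption).
modules_disabled_status /proc/sys/kernel/modules_disabled \
    /etc/sysctl.d/*.conf /etc/sysctl.conf
```

A "locked" result only describes the current boot: it says nothing about changes made on disk that take effect after a reboot.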