How to enable "Runtime module disabling" in Custom config?



Post by perlish » Sat Jul 23, 2011 8:25 pm

I thought "Runtime module disabling" is cool stuff to avoid LKM rootkits, but how can I enable it in Custom config?
perlish
 
Posts: 42
Joined: Sun Jan 11, 2004 10:42 pm


Re: how to enable "Runtime module disabling" in Custom confi

Post by perlish » Mon Jul 25, 2011 12:48 am

modules_disabled can be set in rc.local or sysctl.conf.
Can we make sure that an LKM rootkit must load after modules_disabled is turned on?
If the hacker uses adore-ng to relink some modules, I guess adore-ng can load successfully.
perlish
 
Posts: 42
Joined: Sun Jan 11, 2004 10:42 pm

Re: how to enable "Runtime module disabling" in Custom confi

Post by spender » Mon Jul 25, 2011 7:58 am

They can also modify the kernel to backdoor the system on the next reboot. The feature in mainline is essentially the same as the one I had: it only prevents loading modules after the point you specify, until a reboot. If being able to load modules at all is a problem, then just disable module support. Otherwise, you need to be using RBAC.

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm
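
An added example, not code from either poster or from grsecurity: a small audit script for the latch discussed in this thread. It compares the live value in /proc/sys/kernel/modules_disabled with what sysctl.conf will apply at the next boot, so an administrator can see whether module loading is still open. The function names and verdict strings are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit the one-way kernel.modules_disabled latch.
# File paths are parameters so the logic can be run against constructed files.

# Print the last kernel.modules_disabled value assigned in a sysctl-style
# file (later assignments win), or "unset" if there is none.
configured_value() {
    conf=$1
    [ -r "$conf" ] || { echo unset; return 0; }
    val=$(awk -F= '
        /^[ \t]*[#;]/ { next }                      # skip whole-line comments
        { k = $1; gsub(/[ \t]/, "", k); sub(/^-/, "", k)
          if (k == "kernel.modules_disabled") { v = $2; gsub(/[ \t]/, "", v); last = v } }
        END { print last }' "$conf")
    echo "${val:-unset}"
}

# Print the live latch value (0 or 1), or "unavailable" if it cannot be read.
runtime_value() {
    proc=$1
    if [ -r "$proc" ]; then tr -d ' \n' < "$proc"; echo; else echo unavailable; fi
}

# Combine the running state and the persisted setting into one verdict line.
audit_modules_disabled() {
    conf=${1:-/etc/sysctl.conf}
    proc=${2:-/proc/sys/kernel/modules_disabled}
    cfg=$(configured_value "$conf")
    run=$(runtime_value "$proc")
    case "$run:$cfg" in
        1:1) echo "LOCKED: latch is set now and configured for the next boot" ;;
        1:*) echo "LOCKED_UNTIL_REBOOT: latch is set now but not persisted in $conf" ;;
        0:1) echo "OPEN: configured in $conf but not applied yet; modules can still load" ;;
        0:*) echo "OPEN: module loading is allowed and no latch is configured" ;;
        unavailable:*) echo "UNAVAILABLE: cannot read $proc" ;;
        *) echo "UNKNOWN: runtime=$run configured=$cfg" ;;
    esac
}

# Audit the running system by default; pass two paths to audit other files.
audit_modules_disabled "$@"
```

An "OPEN" verdict with the setting present in sysctl.conf is the boot window the thread describes: the latch only restricts module loading from the moment it is written until the next reboot.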

