bendy Apprentice


Joined: 18 May 2002 Posts: 274 Location: Gloucester, UK
Posted: Wed Dec 10, 2003 1:02 pm Post subject: Non-modular kernel for security
Hi,
I will be putting together a Gentoo firewall / proxy box soon, and so have been browsing the Gentoo security guidance notes.
One of the suggestions is to build a kernel with no loadable module support. Assuming that I choose the correct options for hardware support etc. in a monolithic kernel, is there anything else that won't work?
I would not expect the likes of ALSA or PCMCIA to work, but that's okay on this box. X might be occasionally useful - will it work without loading modules? Are there any other essential server apps or services that might be affected?
Cheers,
bendy.
NeddySeagoon Administrator


Joined: 05 Jul 2003 Posts: 55368 Location: 56N 3W
Posted: Wed Dec 10, 2003 1:12 pm Post subject:
bendy,
Gentoo is somewhat less than ideal for a firewall. A firewall should only contain the minimum apps to allow it to do its job. The less software there is, the smaller the opportunity for security problems.
After your firewall is running you should strip out anything that might be useful to an attacker, like the compiler tool chain, X etc. Of course this makes updates a bit difficult.
If this firewall is a learning experience, go ahead and learn. If it's protecting your network, check out Smoothwall.
I'm not sure what a monolithic kernel does for security?
Regards,
NeddySeagoon
_________________
Regards,
NeddySeagoon
Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.
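The check behind the first post's question, as an added example that is not part of the thread: a shell script that reads a kernel `.config` and reports whether loadable module support is still enabled and which options are still built as modules. The function names are hypothetical and the two sample configs are constructed.

```shell
# Added example, not code from the thread: audit a kernel .config for module support.

# Print "enabled" if loadable module support is on, else "disabled".
modules_support() {
    if grep -q '^CONFIG_MODULES=y$' "$1"; then echo enabled; else echo disabled; fi
}

# Print the name of every option still built as a module (=m).
modular_options() {
    sed -n 's/^\(CONFIG_[A-Za-z0-9_]*\)=m$/\1/p' "$1"
}

# Report on one .config; return 0 only when nothing can be loaded as a module.
audit_kconfig() {
    rc=0
    if [ "$(modules_support "$1")" = enabled ]; then
        echo "FAIL: CONFIG_MODULES=y, loadable module support is compiled in"
        rc=1
    else
        echo "OK: CONFIG_MODULES is not set"
    fi
    mods=$(modular_options "$1")
    if [ -n "$mods" ]; then
        echo "Built as modules, choose =y or drop each one:"
        echo "$mods" | sed 's/^/  /'
        rc=1
    fi
    return "$rc"
}

# Constructed sample fragments (assumed values, not from a real machine).
write_modular_sample() {
    printf '%s\n' 'CONFIG_MODULES=y' 'CONFIG_E1000=m' 'CONFIG_IP_NF_IPTABLES=m' \
        'CONFIG_EXT3_FS=y' '# CONFIG_SOUND is not set' > "$1"
}
write_monolithic_sample() {
    printf '%s\n' '# CONFIG_MODULES is not set' 'CONFIG_E1000=y' \
        'CONFIG_IP_NF_IPTABLES=y' 'CONFIG_EXT3_FS=y' > "$1"
}

# Demo: audit the file named in $1, or the constructed modular sample.
demo=$(mktemp)
write_modular_sample "$demo"
audit_kconfig "${1:-$demo}" || true
rm -f "$demo"
```

Run it with the path to the kernel's `.config` as the first argument to audit a real build.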