OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: [suse-security] Antwort: Re: [suse-security] firewall-script doesn't start
From: Rainer Link (linkfoo.fh-furtwangen.de)
Date: Wed Mar 22 2000 - 05:48:11 CST

kai.krebbersyseca.de wrote:

> >>Does the SuSE-fw need a modular kernel?
> >Yes, you may want to rebuild your kernel
> >to load the appropriate modules, unless
> >you want to modify the firewall script in init.d.
Well, as I do not use the SuSE fw script, I cannot comment on it

> O.K. - Then I will completely renounce the SuSE-firewall-script. The literature
> says that it's not a good idea, having a module-enabled kernel on a firewall and
> this attitude makes sense to me.
Well, in general I agree with you. But afaik the masq stuff (i.e.
ip_masq_ftp) works only as modules. If your are concerned of malicious
modules (1), you may use SecuMod (2) or LIDS (3). It prevents an
intruder from loading any modules after i.e. LIDS is sealed.

(1) malicious code can also be insert into the kernel via runtime kernel
patching. A paper including a sample implementation describes this for
2.0.x kernels.

(2) imho SecuMod comes with SuSE >= 6.3
(3) Linux Intrusion Detection System (LIDS): www.lids.org or
www.de.lids.org. I was working on a SuSE-LIDS-HowTo (including some
patches to the boot scripts, which are needed due to the LIDS concept),
but it isn't yet finished and not public available .

HTH

cu, Rainer 

-- 
Member of Virus Help Munich (www.vhm.haitec.de)       | Rainer Link      
Member of AMaViS Development Team (amavis.org)        | rainerw3.to     
Maintainer FAQ "antivirus for Linux" (av-linux.w3.to) | rainer.w3.to

---------------------------------------------------------------------
To unsubscribe, e-mail: suse-security-unsubscribesuse.com
For additional commands, e-mail: suse-security-helpsuse.com