Conclusion: Custom Kernels


This chapter covered an important topic and one that is vital for a good Linux administrator to know, namely, compiling a custom kernel. Custom kernels enhance security by enabling the administrator to choose only those options necessary for the specific computer on which the kernel will reside. By disabling unnecessary drivers and module support, you can reduce the number of attack paths available for an exploit.

Using a security-enhanced kernel such as a kernel with SELinux or a GrSecurity kernel significantly decreases the risk posed by some of the more advanced exploit techniques available. As with other security options, GrSecurity provides only one facet of a host's security. Without things like chroot, and even simply keeping the server patched, Grsec won't be as helpful. However, for all the benefits that Grsec can provide, it should be used whenever possible. It's worth the time and effort and is certainly a much better option than cleaning up after an attack that could've been prevented.




Linux Firewalls
Linux Firewalls: Attack Detection and Response with iptables, psad, and fwsnort
ISBN: 1593271417
EAN: 2147483647
Year: 2005
Pages: 163
Authors: Michael Rash

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net