Do Not Build a Custom Kernel


Many Linux devotees hold the opinion that building a custom kernel is necessary to gain tight control over system security. They may tell you to build software from source as needed. While that may be best for a highly technical engineer, it is undesirable for the network administrator who expects the vendor to provide an optimal business solution platform. Building custom kernels is not sustainable in an enterprise environment.

A key reason for using Red Hat Enterprise Linux AS 3.0 or SUSE Linux Enterprise Server is specifically to avoid the necessity of rebuilding the kernel or operating system software. By purchasing a fully supported, packaged commercial operating system platform, you are trusting the vendor to take responsibility for kernel security updates. You are assuming that the operating system as supplied by the vendor is fully suitable for the task for which it is being deployed. Thus it is assumed that all necessary device drivers are supplied in the commercial software bundle. It is expected that a vendor provides security patches as part of the support services, and all essential system updates will be provided in a timely manner. While you should apply appropriate hardening methods to secure the system, you should not customize the kernel. If you customize the kernel, you may void your support contract with the distributor and make it harder to provide rapid recovery. In a large organization, hundreds, if not thousands, of Linux servers may be present. It is not feasible to maintain enough documentation and expertise to custom-build each of them should disaster strike.




Hardening Linux
ISBN: 0072254971
EAN: 2147483647
Year: 2004
Pages: 113
