
Re: chkrootkit and LKM?

From: Tim Greer <chatmaster(at)charter.net>
Date: Sat Jun 21 2003 - 18:22:43 EDT

Yes, definitely. I use the grsecurity patch on all the systems I build personally, as well as the company I work for--which involves hundreds of shared and dedicated server clients. I highly recommend it as a default patch to work with.

--
Regards,
Tim Greer  chatmaster@charter.net
Server administration, security, programming, consulting.

----- Original Message -----
From: "Andrew Ruef" 
To: 
Sent: Thursday, June 19, 2003 8:34 PM
Subject: RE: chkrootkit and LKM?


Actually the best way to do that is to turn off module support within
the kernel and then use some device (the grsecurity kernel patches and
the StJude LKM both have these) to close down things like access to
/dev/kmem, /dev/ports, privileged I/O, so on. This closes down other
avenues for code to be loaded into the kernel.

A. Ruef

-----Original Message-----
From: Tim Greer [mailto:chatmaster@charter.net]
Sent: Wednesday, June 18, 2003 12:22 PM
To: Rob Shein; 'Janus N. Tøndering'; incidents@securityfocus.com
Subject: Re: chkrootkit and LKM?

> ----- Original Message -----
> Sent: Wednesday, June 18, 2003 12:47 AM

> This won't help if it's an LKM...LKM stands for "Linux Kernel Module,"
For some reason, I just saw 'chrootroot' and not LKM; hence my response. Anyway, I always recommend people not compile in loadable module support if they want a more secure kernel and to avoid this type of problem in the future.

--
Regards,
Tim Greer  chatmaster@charter.net
Server administration, security, programming, consulting.

----------------------------------------------------------------------------
Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the world's premier technical IT security event! 10 tracks, 15 training sessions, 1,800 delegates from 30 nations including all of the top experts, from CSO's to "underground" security specialists. See for yourself what the buzz is about! Early-bird registration ends July 3. This event will sell out. www.blackhat.com
----------------------------------------------------------------------------
Received on Mon Jun 23 22:38:12 2003
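
An added example, not part of the original thread and not code from grsecurity or StJude: a Python audit of the kernel code-loading paths the messages above discuss (loadable module support, /dev/kmem, and the I/O port device, which Linux names /dev/port). It goes beyond the 2003 thread by assuming the mainline option names `CONFIG_MODULES`, `CONFIG_DEVKMEM`, `CONFIG_DEVMEM`, `CONFIG_STRICT_DEVMEM` and `CONFIG_DEVPORT` and the `/proc/sys/kernel/modules_disabled` sysctl; `SAMPLE` is a constructed config, and the function names are illustrative.

```python
import gzip, os, re
RAW_DEVICES = ("/dev/kmem", "/dev/mem", "/dev/port")  # /dev/port: I/O port device
# Constructed sample config (not taken from any real host), used by the test.
SAMPLE = "CONFIG_MODULES=y\nCONFIG_DEVMEM=y\n# CONFIG_STRICT_DEVMEM is not set\nCONFIG_DEVPORT=y\n"

def parse_kconfig(text):
    """Map CONFIG_* names to values; '# CONFIG_X is not set' becomes 'n'."""
    opts = {}
    for line in text.splitlines():
        m = re.match(r"(CONFIG_\w+)=(.*)$", line)
        if m:
            opts[m.group(1)] = m.group(2)
            continue
        m = re.match(r"# (CONFIG_\w+) is not set$", line)
        if m:
            opts[m.group(1)] = "n"
    return opts

def audit(kconfig_text, modules_disabled, present_devices):
    """Report which kernel code-loading paths named in the thread are open."""
    opts, out = parse_kconfig(kconfig_text), []
    if not opts:
        out.append("UNKNOWN config: kernel config not readable")
    if opts.get("CONFIG_MODULES") == "y":
        if modules_disabled == "1":
            out.append("INFO modules: compiled in, loading locked until reboot")
        else:
            out.append("WARN modules: loadable module support is enabled")
    if opts.get("CONFIG_DEVKMEM") == "y":
        out.append("WARN kmem: /dev/kmem driver compiled in")
    if opts.get("CONFIG_DEVMEM") == "y" and opts.get("CONFIG_STRICT_DEVMEM") != "y":
        out.append("WARN mem: /dev/mem access is not restricted")
    if opts.get("CONFIG_DEVPORT") == "y":
        out.append("WARN port: /dev/port driver compiled in")
    out += ["INFO node: %s exists, check owner and mode" % d for d in RAW_DEVICES if d in present_devices]
    return out

def read_text(path, opener=open):
    try:  # a missing or unreadable file yields '' rather than an exception
        with opener(path, "rt") as fh:
            return fh.read()
    except OSError:
        return ""

if __name__ == "__main__":
    cfg = read_text("/proc/config.gz", gzip.open) or read_text("/boot/config-" + os.uname().release)
    locked = read_text("/proc/sys/kernel/modules_disabled").strip()
    print("\n".join(audit(cfg, locked, [d for d in RAW_DEVICES if os.path.exists(d)])))
```

Run directly on a host, it reads the running kernel's config and prints one finding per line; a kernel built without module support and without the raw memory drivers produces no WARN lines.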

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:09 EDT

