Q

Built-in mechanisms for securing the kernel

Security expert James Turnbull sugguests OpenWall and LIDS as two examples of built-in mechanisms that can help to further secure the Linux kernel.

Other than SELinux or similar frameworks, what built-in mechanisms exist for securing Linux Kernel? What changes are made in source code?

There are a number of tools that can further secure the Linux kernel. OpenWall, LIDS and Pax/grsecurity are all examples of modules that can be compiled into the kernel to perform this function. The changes they make to the source code greatly vary depending on the function of the tool. Some of the functions that kernel security modules introduce include Role-Based Access Control (RBAC), chrooting, buffer overflow protection, better...

handling of race conditions and additional auditing or intrusion detection.

I suggest reading the documentation for each tool and selecting the one that best suits your environment. Some tools require extensive setup and configuration, like SELinux and other ACL/RBAC-style tools, and others can be introduced without configuration, though you will need to still ensure your applications and daemons function correctly.

This was first published in March 2006
This Content Component encountered an error

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchDataCenter

SearchServerVirtualization

SearchCloudComputing

SearchEnterpriseDesktop

Close