|
There are a number of tools that can further secure the Linux kernel. OpenWall, LIDS and Pax/grsecurity are all examples of modules that can be compiled into the kernel to perform this function. The changes they make to the source code greatly vary depending on the function of the tool. Some of the functions that kernel security modules introduce include Role-Based Access Control (RBAC), chrooting, buffer overflow protection, better handling of race conditions and additional auditing or intrusion detection.
I suggest reading the documentation for each tool and selecting the one that best suits your environment. Some tools require extensive setup and configuration, like SELinux and other ACL/RBAC-style tools, and others can be introduced without configuration, though you will need to still ensure your
applications and daemons function correctly.
|
