I would argue that if you are falling to worms or automated attacks, then you probably aren't doing anything for security or patching, as most automated attacks use low-value, quickly-patched vulnerabilities to spread. IMHO, if you have all the basics covered, mangling your OS install isn't going to buy you a whole heck of a lot except management headaches, and you will end up installing those tools (sniffers, etc.) anyway because they are useful.
I would argue that for an APT, no matter how hard you work, it won't be enough to keep them out, so a strong audit capability to detect unusual activity quickly, letting you shut it down and clean it up, is a better use of time and resources. Much like how the credit card industry focuses on fraud detection, after transactions have cleared, rather than prevention. Logging and reviewing all sudo logs and other root activity is simple, low overhead, and pretty effective.
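One way to put the "review all sudo logs" idea into practice, as an added example that is not part of the original post: it parses sudo entries in the syslog format used in /var/log/auth.log and flags events that deviate from a per-user baseline. The sample lines, the EXPECTED baseline and the working-hours window are all assumptions constructed for the example.

```python
import re

# Constructed sample lines in the format sudo writes to /var/log/auth.log
# (made up for this example, not real log data).
SAMPLE_LOG = """\
Mar  3 10:15:22 web01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/apt-get update
Mar  3 10:16:01 web01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/systemctl restart nginx
Mar  3 02:41:09 web01 sudo:      bob : TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/usr/bin/tcpdump -i eth0 -w /tmp/cap.pcap
Mar  3 02:42:30 web01 sudo:      bob : TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/bash
Mar  3 02:43:12 web01 sudo: www-data : 3 incorrect password attempts ; TTY=unknown ; PWD=/var/www ; USER=root ; COMMAND=/bin/sh
"""

# Matches both successful invocations and the "N incorrect password attempts" form.
SUDO_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sudo:\s+(?P<user>\S+) : "
    r"(?:(?P<fail>\d+ incorrect password attempts) ; )?"
    r"TTY=(?P<tty>\S+) ; PWD=(?P<pwd>\S+) ; USER=(?P<target>\S+) ; COMMAND=(?P<cmd>.*)$"
)

# Assumed baseline: which accounts are expected to use sudo, and for which binaries.
EXPECTED = {"alice": ("/usr/bin/apt-get", "/usr/bin/systemctl")}
# An interactive root shell hides whatever is run inside it from the sudo log.
SHELLS = {"/bin/bash", "/bin/sh", "/bin/zsh", "/usr/bin/bash"}
WORK_HOURS = range(7, 20)  # assumed local working hours, 07:00-19:59


def parse_sudo(text):
    """Return one dict per sudo log line; non-sudo lines are ignored."""
    return [m.groupdict() for m in map(SUDO_RE.match, text.splitlines()) if m]


def review(events):
    """Return (user, reason, command) tuples for events worth a human's attention."""
    findings = []
    for e in events:
        binary = e["cmd"].split()[0]
        hour = int(e["ts"].split()[2][:2])
        if e["fail"]:
            findings.append((e["user"], "failed sudo authentication", e["cmd"]))
        if e["user"] not in EXPECTED:
            findings.append((e["user"], "user outside sudo baseline", e["cmd"]))
        elif binary not in EXPECTED[e["user"]]:
            findings.append((e["user"], "command outside baseline", e["cmd"]))
        if binary in SHELLS:
            findings.append((e["user"], "root shell", e["cmd"]))
        if hour not in WORK_HOURS:
            findings.append((e["user"], "out of hours", e["cmd"]))
    return findings


if __name__ == "__main__":
    for user, reason, cmd in review(parse_sudo(SAMPLE_LOG)):
        print(f"{user:10} {reason:30} {cmd}")
```

On a real host, feed it the output of `grep sudo /var/log/auth.log` and tune EXPECTED to the accounts and commands your admins actually use.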