Security Portal: System and Network Security - Kernel Options
Dec 06, 2000, 08:12 (2 Talkback[s])
(Other stories by Kurt Seifried)
Re-Imagining Linux Platforms to Meet the Needs of Cloud Service Providers
"When you ask most network and system administrators about
system and network security, they'll respond, "We have a firewall"
or "We use SSL encryption." This is all fine and good. However,
there are often some things they have missed - not that it is
really their fault, since these additional options are not very
well documented in most cases. Almost all Unix-based operating
systems have the capability to modify various kernel options while
the system is running. I'll be concentrating on Linux, *BSD and
"All three have different facilities for modifying kernel
configuration on the fly. Solaris uses ndd and generally
manipulates /dev/ entries; Linux uses the /proc interface; and BSD
uses sysctl to "get or set kernel state" (quote from man sysctl).
For my examples I will be using Solaris 8.0 on an Ultrasparc, Red
Hat 7.0 and OpenBSD 2.8, both on Intel platforms."