Security Portal: System and Network Security - Kernel OptionsDec 06, 2000, 08:12 (2 Talkback[s])
(Other stories by Kurt Seifried)
"When you ask most network and system administrators about system and network security, they'll respond, "We have a firewall" or "We use SSL encryption." This is all fine and good. However, there are often some things they have missed - not that it is really their fault, since these additional options are not very well documented in most cases. Almost all Unix-based operating systems have the capability to modify various kernel options while the system is running. I'll be concentrating on Linux, *BSD and Solaris."
"All three have different facilities for modifying kernel configuration on the fly. Solaris uses ndd and generally manipulates /dev/ entries; Linux uses the /proc interface; and BSD uses sysctl to "get or set kernel state" (quote from man sysctl). For my examples I will be using Solaris 8.0 on an Ultrasparc, Red Hat 7.0 and OpenBSD 2.8, both on Intel platforms."