Monitoring Linux Systems for Rootkits

Michael Boelen

System Protection

Kernel

The kernel is the brain of the software system and decides what should be executed by the central processing unit.

Intrusion Detection

While prevention is a good thing, detection is usually even more valuable.

Disable kernel modules

Objective: Disable loading of kernel modules, if the system does not require it. Additionally, disable loading all kernel modules for full protection.

So we should disable this driver from /etc/modules: after adding a hash to the line starting with “lp”, we reboot the system another time.
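As an added example (not code from the original article), the shell helpers below make the /etc/modules edit described above on whatever file path you hand them, and report whether the running kernel still accepts new modules. The check assumes the kernel.modules_disabled sysctl is available, which is the case on current Linux kernels; the sample modules file is constructed here so the script runs without touching the real system.

```sh
#!/bin/sh
# Added example: comment out the "lp" entry in a modules file and audit module loading.

# Prefix the "lp" line(s) in the given modules file with a hash.
# Prints the number of lines changed; already-commented lines are left alone,
# so running it twice is harmless.
disable_lp_module() {
    file="${1:-/etc/modules}"
    count=$(grep -c -E '^[[:space:]]*lp([[:space:]]|$)' "$file" || true)
    tmp="$file.tmp.$$"
    # Match only a bare "lp" entry (with optional trailing options), not e.g. "lpfc".
    sed -E 's/^([[:space:]]*)(lp([[:space:]].*)?)$/\1#\2/' "$file" > "$tmp" && mv "$tmp" "$file"
    printf '%s\n' "$count"
}

# Exit 0 if the kernel refuses new modules (kernel.modules_disabled = 1),
# 1 if loading is still enabled, 2 if the knob is not readable on this system.
# The knob is one-way: once set to 1 it stays 1 until reboot.
module_loading_disabled() {
    knob=/proc/sys/kernel/modules_disabled
    [ -r "$knob" ] || return 2
    [ "$(cat "$knob")" = "1" ]
}

# Demo on a constructed copy (not the real /etc/modules), so no root is needed.
demo() {
    f=$(mktemp)
    printf '# constructed sample of /etc/modules\nlp\nloop\n' > "$f"
    changed=$(disable_lp_module "$f")
    echo "lines commented out: $changed"
    cat "$f"
    if module_loading_disabled; then
        echo "kernel module loading: disabled"
    else
        echo "kernel module loading: enabled or unknown (rc=$?)"
    fi
    rm -f "$f"
}
```

Setting kernel.modules_disabled=1 after boot-time drivers are in place is what "disable loading all kernel modules" amounts to in practice; the audit function tells you whether that step has actually taken effect.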

