PTD-001299 wrote this...
> On Thu, 25 Jul 1996, Terry Glanfield wrote:
>> I'm starting to pair down the kernel on a Solaris 2.5 box that will
>> be used as a firewall. I've remove a number of modules but, before
>> getting carried away, I thought I'd ask around to see what other
>> people have done. What modules is is safe/recommend to remove?
[snip]
> I thought the SOlaris 2.5 kernel was dynamically loading (and
> unloading) so there was no need to do this. Perhaps a few settings
> in /etc/system but that is it. What exeactly did you remove?
the Solaris 2.x kernels are infact dynamically loading kernels, but it
will only load "drivers" that have been "registered" (via add_drv). so
by removing ones that ship with the OS (via rem_drv) you can restrict
what services the kernel has access to (provided someone doesnt upload
another driver and install it). easy way to disable sun's default
rlogin is to remove the kernel driver for it :) (but this doesnt stop
someone from compiling up a BSDish one and inserting that on your
system).
Matt
--
Matthew Keenan Network Administrator First Pacific Stockbrokers
Sydney, Australia
References:
|
|
