Kernel Capabilities


	I am in the process of hardening my Bastion Hosts before exposing them
externally.  I have noticed quite a bit of press about LIDS and the kernel
control.  I am testing it out on non-production boxes with RH 7.3; however, I
needed to use a stock kernel.

	My production Bastion hosts are RH ES v.3.  I do not want to use a stock
kernel on those machines.  I have noticed [very little] press online
regarding the ability to "manually" remove super user kernel capabilities by
either/or editing the capability.h file or using other software like lcap.

	I have limited knowledge of libcap, but it seems to sport some of the same
features as lcap (the ability to remove capabilities).

	Can anyone point me toward documentation regarding the process of removing
some of these capabilities using any of the methods above?

Joe E.
UpFront Technology
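
Added example (not part of the original message, and not code from lcap or libcap): a C sketch that works out the capability bounding-set mask left after removing chosen capabilities, and reports which audited capabilities remain. Bit numbers follow <linux/capability.h>. The sample mask, the two-capability policy and the signed-decimal input form (as a 2.4-era /proc/sys/kernel/cap-bound would print it) are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Bit numbers from <linux/capability.h>; only a subset is listed here. */
struct cap { const char *name; int bit; };
static const struct cap CAPS[] = {
    {"CAP_SETPCAP", 8},     {"CAP_LINUX_IMMUTABLE", 9}, {"CAP_NET_ADMIN", 12},
    {"CAP_NET_RAW", 13},    {"CAP_SYS_MODULE", 16},     {"CAP_SYS_RAWIO", 17},
    {"CAP_SYS_PTRACE", 19}, {"CAP_SYS_ADMIN", 21},      {"CAP_SYS_BOOT", 22},
    {"CAP_SYS_TIME", 25},
};
#define NCAPS (sizeof CAPS / sizeof CAPS[0])

/* Accepts signed decimal ("-257") or 0x-prefixed hex ("0xfffffeff"). */
uint32_t parse_mask(const char *s) { return (uint32_t)strtoll(s, NULL, 0); }

/* Bit number for a capability name, or -1 if it is not in the table. */
int cap_bit(const char *name) {
    for (size_t i = 0; i < NCAPS; i++)
        if (strcmp(CAPS[i].name, name) == 0) return CAPS[i].bit;
    return -1;
}

/* 1 if present in mask, 0 if removed, -1 if the name is unknown. */
int has_cap(uint32_t mask, const char *name) {
    int bit = cap_bit(name);
    return bit < 0 ? -1 : (int)((mask >> bit) & 1u);
}

/* Clear each named capability; *unknown counts names that were skipped. */
uint32_t drop_caps(uint32_t mask, const char *const *names, size_t n, int *unknown) {
    *unknown = 0;
    for (size_t i = 0; i < n; i++) {
        int bit = cap_bit(names[i]);
        if (bit < 0) (*unknown)++; else mask &= ~(UINT32_C(1) << bit);
    }
    return mask;
}

int main(void) {
    const char *const drop[] = {"CAP_SYS_MODULE", "CAP_SYS_RAWIO"}; /* example policy (assumption) */
    int unknown;
    uint32_t before = parse_mask("-257"); /* constructed sample value */
    uint32_t after = drop_caps(before, drop, 2, &unknown);
    printf("before=0x%08x after=0x%08x\n", (unsigned)before, (unsigned)after);
    for (size_t i = 0; i < NCAPS; i++)
        printf("%-20s %s\n", CAPS[i].name, has_cap(after, CAPS[i].name) ? "present" : "removed");
    return unknown != 0; /* non-zero exit if a policy name was not recognised */
}
```

Comparing the computed mask with the value the running system reports is a quick check that a removal took effect; a misspelled capability name shows up as a non-zero exit status instead of being silently ignored.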

