You can protect the loading and unloading of kernel modules, and so help protect the operating system.
To protect a kernel module
To create a kernel module, you need to define:
On all non-Linux systems, the name of the KMODULE record must match the name of the kernel module file (not the full path), because on those systems the name of the module is the same as the name of the file. On Linux, the name of the KMODULE record needs to match only the name of the kernel module, which may be different from the actual file name.
Note: On HP and Solaris systems, you can define the special kernel module _ALL_MODULES to protect the unloading of all kernel modules.
Example: Protect a Kernel Module Using selang Commands
The following selang commands define a kernel module serial.o to CA ControlMinder and authorize the enterprise user kadmin to load and unload it:
newres kmodule serial.o owner(kadmin) defaccess(none) \
filepath(/lib/modules/2.2.19/serial.o:/lib/modules/2.2.20/serial.o)
authorize kmodule serial.o access(load, unload) xuid(kadmin)
Copyright © 2013 CA Technologies.
All rights reserved.