To mitigate this threat, any unused hardware and its associated driver modules should be removed and all essential hardware and respective driver modules should be have the most up-to-date patches. Keeping all drivers up-to-date and all unused devices deactivated is also essential. You can remove modules using the rmmod command.
Most modern, supported Linux distributions include a package manager that will perform this function automatically at a scheduled time, automatically when the package manager is run, or manually as needed. Novell Suse's Yast or Red Hat's Yum utilities perform this function quite well.
To add more to the list of tasks to perform, modern Linux distributions are coming packaged with more preinstalled driver modules for greater hardware compatibility. This means you have to spend more time disabling various hardware items to enhance security.
Some of the more hardened Linux distributions intended for use on security appliances only permit absolutely minimal hardware to function and do not even allow external media to be mounted by the machine. Although this may seem extreme and can certainly complicate the ability to provide legitimate access to the system, especially a workstation, it is an example of the hardening level available and appropriate for systems with critical functionality or sensitive data.
Examples of hardened Linux distributions or hardening scripts include the following:
• SELinux (http://www.coker.com.au/selinux/)
• Astaro (https://my.astaro.com/download/)
• Bastille (http://www.bastille-linux.org/)
• Hardened Linux (http://hardenedlinux.sourceforge.net/)
• EnGarde (http://www.engardelinux.org/)
Was this article helpful?
Read how to maintain and repair any desktop and laptop computer. This Ebook has articles with photos and videos that show detailed step by step pc repair and maintenance procedures. There are many links to online videos that explain how you can build, maintain, speed up, clean, and repair your computer yourself. Put the money that you were going to pay the PC Tech in your own pocket.