On 08/29/2015 03:11 PM, Gordon Messmer wrote:
> Secure Boot is an effective mitigation against some features of root
> kits, and really should be enabled everywhere possible.
>
> Under Secure Boot, the firmware will not load a boot loader if it has
> been tampered with, which will not load a kernel that has been
> tampered, which will not load modules that have been tampered. With
> that chain of protection, it becomes very difficult for a root kit to
> modify the kernel to fully hide its sockets, processes, and files,
> which is a common feature of root kits on systems which do not offer
> such protection.

I will try turning on secure-boot next time I reboot, to see if I can
boot with it turned on.. define "tampered with".. what if you run
grub2-mkconfig.. that tampers with it...
--
Paul Cartwright
Registered Linux User #367800 and new counter #561587
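
Added example, not part of the original message: a shell check of which links in the chain described in the quoted text (firmware, then kernel module loading) are enforcing on a running system. The optional ROOT argument is a hypothetical hook so the checks can be run against a constructed directory tree; the sysfs and efivarfs paths are the standard Linux ones.

```shell
#!/bin/sh
# Added example. The optional ROOT argument is a hypothetical hook for
# running the checks against a constructed directory tree.
GUID=8be4df61-93ca-11d2-aa0d-00e098032b8c   # EFI global variable GUID

# efivarfs file layout: 4 attribute bytes, then the value byte.
# Returns 0 if the value is 1, 1 if it is 0, 2 if unreadable.
efi_bool() {
    [ -r "$1" ] || return 2
    v=$(od -An -tu1 -j4 -N1 "$1" 2>/dev/null | tr -d ' \n')
    case "$v" in 1) return 0 ;; 0) return 1 ;; *) return 2 ;; esac
}

# Returns 0 only when every checked link of the chain is enforcing.
chain_report() {
    root=${1:-}; rc=0
    vars="$root/sys/firmware/efi/efivars"
    if efi_bool "$vars/SecureBoot-$GUID"; then
        echo "firmware: Secure Boot enabled"
    else
        echo "firmware: Secure Boot off or not a UEFI boot"; rc=1
    fi
    # In setup mode no platform key is enrolled, so nothing is enforced.
    if efi_bool "$vars/SetupMode-$GUID"; then
        echo "firmware: setup mode, signature checks not enforced"; rc=1
    fi
    # Y means the kernel rejects modules without a valid signature.
    # Limitation: kernels that enforce this through lockdown instead of
    # sig_enforce are reported as not enforcing by this check.
    sig="$root/sys/module/module/parameters/sig_enforce"
    if [ -r "$sig" ] && [ "$(cat "$sig")" = "Y" ]; then
        echo "kernel: module signatures enforced"
    else
        echo "kernel: module.sig_enforce is not set"; rc=1
    fi
    return "$rc"
}

# With no argument this inspects the running system.
chain_report "${1:-}" || true
```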