Detecting attackers is a different situation. An attack that is already fixed
is not a serious problem other than bandwidth. Virus scanners can't do that
anyway - they can only detect what has already been detected... and which
should have been fixed by the time the signature could have been put out,
anyway. Detection should be part of an intrusion facility (isn't LIDS supposed
to do that?)
Second, I want to set up SELinux to sandbox various facilities anyway (delayed
due to job change). That should isolate any unknown attack to just one
service, and protect the overall system.