foodog wrote:
> 
> I'm putting the finishing touches on a mail server.  Once it's done,
> I'll never get to touch it again unless the hardware catches fire (it
> may get a day or two off next June).
> 
> It's looking like a good idea to build a newer kernel to get really
> happy reiserfs.  I'm considering leaving out support for loadable
> modules to make things inconvenient for the hypothetical cracker who may
> try to homestead on it.  Kmod rootkits are high on my nightmare list.

homestead?  I am not aware of this term in this context.  Where can I
read about the Kmod rootkits -- as if I needed more cause for wory...

> Can someone suggest a good way to determine what to include in a
> monolithic kernel?  Any thoughts about no loadable modules as a security
> measure?

This is outside of my expertise, but I would polish a server down to
what I both need and would resonably expect to set up in the future, and
then recompile the kernal in the same configuration just without module
support.

If I was running a real mail server (for more than just myself and a
couple of friends) I would be REALLY tempted to set up an old small
machine with the same configuration that I could do developmental
upgrades on to test...

  EBo --