Kernel module verification protects the system against rootkits by preventing unknown
kernel modules from loading. When kernel module verification is on, only kernel modules
that are listed in the known files list and have not been modified can be loaded.
If kernel module verification is set to Report only, the product sends an alert when an
unknown or modified kernel module is loaded but does not prevent it from loading.
2. Turn Write protect kernel memory on or off.
Kernel memory write protection protects the /dev/kmem file against write attempts, so a
running kernel cannot be directly modified through the device. If the write protection is set to
Report only, the product sends an alert when it detects a write attempt to the /dev/kmem file,
but it does not prevent the write operation.
3. Specify Allowed kernel module loaders.
The specified programs are allowed to load kernel modules when the kernel module verification
is on. By default, the list contains the most common module loaders. If your Linux system
uses other module loaders, add them to the list. Type one entry per line.
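The following Python sketch models the decision described in steps 1 and 3: a load request is checked against the allowed loaders and the known files list, and the mode decides whether a violation is blocked or only reported. It is an added example, not the product's code. The function names, the use of SHA-256 for the baseline, the sample loader paths, and the handling of a non-listed loader as an alertable violation are assumptions.

```python
import hashlib
import os
import tempfile

def sha256_file(path):
    """Hash a module file (assumption: the baseline stores SHA-256 digests)."""
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def parse_loaders(text):
    """One entry per line, as the setting requires; blank lines are ignored."""
    return {line.strip() for line in text.splitlines() if line.strip()}

def check_module_load(module, loader, baseline, loaders, mode):
    """Return (allowed, alert) for a load request. mode: 'on', 'report' or 'off'."""
    if mode == "off":
        return True, None
    reason = None
    if loader not in loaders:
        reason = "loader not in allowed list: " + loader
    elif module not in baseline:
        reason = "unknown module: " + module
    elif sha256_file(module) != baseline[module]:
        reason = "modified module: " + module
    if reason is None:
        return True, None
    # Report only: alert but let the load proceed; on: alert and block.
    return mode == "report", reason

def demo():
    """Build constructed sample modules in a temp dir and run the checks."""
    d = tempfile.mkdtemp()
    good, evil = os.path.join(d, "good.ko"), os.path.join(d, "evil.ko")
    for p, data in ((good, b"constructed module A"), (evil, b"constructed module B")):
        with open(p, "wb") as f:
            f.write(data)
    baseline = {good: sha256_file(good)}            # the "known files list"
    loaders = parse_loaders("/sbin/modprobe\n/sbin/insmod\n\n")  # constructed entries
    results = [check_module_load(good, "/sbin/modprobe", baseline, loaders, "on"),
               check_module_load(evil, "/sbin/insmod", baseline, loaders, "on"),
               check_module_load(evil, "/sbin/insmod", baseline, loaders, "report")]
    with open(good, "ab") as f:                     # tamper with a known module
        f.write(b"patched")
    results.append(check_module_load(good, "/sbin/modprobe", baseline, loaders, "on"))
    return results

if __name__ == "__main__":
    for allowed, alert in demo():
        print("ALLOW" if allowed else "BLOCK", alert or "")
```

The Report only case shows why that mode suits a tuning period only: the unknown module produces an alert, but the load still succeeds.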
General Settings
In general settings, you can configure alerting and automatic virus definition database updates
and view the product information.
Alerts
On the Alerts page, you can read and delete alert messages.
Alert Severity Levels
Alerts are divided into severity levels.
Severity Level    Syslog priority    Description
Informational     info               Normal operating information from the host.
Warning           warning            A warning from the host.
For example, an error
when trying to read a file.
62 | F-Secure Linux Security | Using the Product