13.4. Optimizing the Unix Kernel

Removing kernel support for any unneeded services is a great way to further lock down your system. Not only does this help to optimize system performance, it can improve security. For example, if you will be using your Unix system as a router or a firewall, you might want to disable support for source-routed packets. Doing so prevents an attacker from using source routing for spoofing or to circumvent the routing table.

Configuring a Unix kernel varies slightly with each implementation. Which options you can configure when rebuilding the kernel depend on which options are included by the manufacturer. For the purpose of demonstration, we'll work with Red Hat's version of Linux. Red Hat supports a number of graphical ...

Get Mastering™ Network Security, Second Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.