Robb III, George B. wrote:
> Have an interesting problem in which monitoring and preventing activity on
> the MBR would be very useful.
> Has anyone used SELinux for this type of task?

Why? Most, if not all, BIOSes in the last 15 years allow you to make the
MBR unwriteable, IIRC, so that you have to be at the console, rebooting,
to go into the BIOS to change that. Some also send a warning (NMI) to the
console screen if a change is being/about to be made.

That's something that, if I were worried about it, I would have locked down
and not have to monitor.

mark