Monitoring and prevention of MBR activity.
m.roth at 5-cent.us
m.roth at 5-cent.us
Tue Sep 6 14:34:12 UTC 2011
Robb III, George B. wrote:
>
> Have an interesting problem in which monitoring and preventing activity on
> the MBR would be very useful.
>
> Has anyone used SELinux for this type of task?
Why? Most, if not all, BIOSes in the last 15 years allow you to make the
MBR unwriteable, IIRC, so that you have to be at the console, rebooting,
to go into the BIOS to change that. Some also send warning (NMI) to the
console screen if a change is being/about to be made.
That's something that, if I were worried about it, would have locked down
and not have to monitor.
mark
More information about the selinux
mailing list