author | Silvio Rhatto <rhatto@riseup.net> | 2010-02-02 21:46:39 -0200 |
---|---|---|
committer | Silvio Rhatto <rhatto@riseup.net> | 2010-02-02 21:46:39 -0200 |
commit | 52de4478f790aeccee5ba6c4164a3486bd779756 (patch) | |
tree | 7c606f0a0f25444779f5dcc0bcf50e48c0374e06 | |
parent | e5056a0907f546b79222a49166c46ec77f7904b4 (diff) | |
download | padrao-52de4478f790aeccee5ba6c4164a3486bd779756.tar.gz padrao-52de4478f790aeccee5ba6c4164a3486bd779756.tar.bz2 |
Adding firewire procedure
-rw-r--r-- | firewire.mdwn | 21 | ||||
-rw-r--r-- | install.mdwn | 2 |
2 files changed, 22 insertions, 1 deletions
diff --git a/firewire.mdwn b/firewire.mdwn index e69de29..289dc59 100644 --- a/firewire.mdwn +++ b/firewire.mdwn @@ -0,0 +1,21 @@ +Firewire +======== + +Para evitar dumps de memória via firewire, este artigo oferece a mitigação ideal via `/etc/modprobe.d/blacklist`: + + # Physical memory attacks via Firewire/DMA Mitigation + # Prevent automatic loading of the ohci1394 module. + blacklist ohci1394 + # Prevent manual loading of the ohci1394 module. + install ohci1394 false + # Iff we should ever load the ohci1394 module, force the use of the 'phys_dma=0' option. + options ohci1394 phys_dma=0 + +Depois dessa configuração, é preciso atualizar a `initrd` de cada sistema, através do comando + + update-initramfs -v -u + +Feito isso, o firewire pode ser desabilitado nos sistemas que estão rodando simplesmente com um + + rmmod ohci1394 + diff --git a/install.mdwn b/install.mdwn index 13bde3d..a965795 100644 --- a/install.mdwn +++ b/install.mdwn @@ -150,7 +150,7 @@ Já o `/etc/kernel-img.conf` deve possuir a linha do_initrd = Yes -Proceda [desabilitando o firewire do sistema](firewire) e, em seguida, instale o kernel: +Proceda [desabilitando o firewire do sistema](../firewire) e, em seguida, instale o kernel: if [ "$arch" == "i386" ]; then kernel_arch="686" |
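Review bot: In the firewire.mdwn hunk, the opening sentence says "este artigo oferece a mitigação ideal" but no link or citation follows, so the reader cannot tell which article the blacklist block comes from; make it a link to the source. The procedure also ends at `rmmod ohci1394` with no check that the module is actually gone, so consider a closing step such as confirming that `lsmod | grep ohci1394` prints nothing. The text names only `/etc/modprobe.d/blacklist` and the `ohci1394` module; a sentence stating which distribution and kernel the page was written for would tell readers when those names apply.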
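Review bot: In the install.mdwn hunk, the link target changes from `firewire` to `../firewire`, yet this same commit creates firewire.mdwn in the same directory as install.mdwn, so the new target is only correct if the renderer publishes each page under its own directory. If the wiki engine supports page-name links, use one so the reference does not depend on the URL layout. The commit message describes only the new firewire page, so mention the link fix there as well.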