Date: Fri, 19 Jun 2020 15:06:41 +0200
From: Solar Designer <solar@...nwall.com>
To: lkrg-users@...ts.openwall.com
Subject: Re: rootkit detection

On Fri, Jun 19, 2020 at 02:53:57PM +0200, Mikhail Morfikov wrote:
> On 14/06/2020 17:37, Solar Designer wrote:
> > Adam found this interesting Master's Thesis of Juho Junnila, entitled
> > "Effectiveness of Linux Rootkit Detection Tools":
> >
> > http://jultika.oulu.fi/files/nbnfioulu-202004201485.pdf
>
> I'm in the middle of reading the pdf, and I have one question. Since all the
> kernel rootkits described in the paper are provided in the form of external
> LKMs, is there a way to include LKRG source in the kernel source tree somehow?
> In this way when the kernel is built, the module would also be compiled as a
> regular module, or compiled into the kernel itself. Is this doable?

We don't currently support this officially, but Nikolay Zorin who posted
in here last month managed to get this to work for him (perhaps for
inclusion in a product of his employer):

https://www.openwall.com/lists/lkrg-users/2020/05/02/8

Alexander