Date: Fri, 19 Jun 2020 15:27:29 +0200
From: Mikhail Morfikov <mmorfikov@...il.com>
To: lkrg-users@...ts.openwall.com
Subject: Re: rootkit detection

On 19/06/2020 15:06, Solar Designer wrote:
> On Fri, Jun 19, 2020 at 02:53:57PM +0200, Mikhail Morfikov wrote:
>> On 14/06/2020 17:37, Solar Designer wrote:
>>> Adam found this interesting Master's Thesis of Juho Junnila, entitled
>>> "Effectiveness of Linux Rootkit Detection Tools":
>>>
>>> http://jultika.oulu.fi/files/nbnfioulu-202004201485.pdf
>>
>> I'm in the middle of reading the pdf, and I have one question. Since all the
>> kernel rootkits described in the paper are provided in the form of external
>> LKMs, is there a way to include LKRG source in the kernel source tree somehow?
>> In this way when the kernel is built, the module would also be compiled as a
>> regular module, or compiled into the kernel itself. Is this doable?
>
> We don't currently support this officially, but Nikolay Zorin who posted
> in here last month managed to get this to work for him (perhaps for
> inclusion in a product of his employer):
>
> https://www.openwall.com/lists/lkrg-users/2020/05/02/8
>
> Alexander
>

So it's possible, but unfortunately I have no idea even where to start. Is there
some detailed explanation on how he did it? I would try to make it work, test it
and see whether and how it works.