Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 19 Jun 2020 15:27:29 +0200
From: Mikhail Morfikov <>
Subject: Re: rootkit detection

On 19/06/2020 15:06, Solar Designer wrote:
> On Fri, Jun 19, 2020 at 02:53:57PM +0200, Mikhail Morfikov wrote:
>> On 14/06/2020 17:37, Solar Designer wrote:
>>> Adam found this interesting Master's Thesis of Juho Junnila, entitled
>>> "Effectiveness of Linux Rootkit Detection Tools":
>> I'm in the middle of reading the pdf, and I have one question. Since all the 
>> kernel rootkits described in the paper are provided in the form of external 
>> LKMs, is there a way to include LKRG source in the kernel source tree somehow?
>> In this way when the kernel is built, the module would also be compiled as a 
>> regular module, or compiled into the kernel itself. Is this doable?
> We don't currently support this officially, but Nikolay Zorin who posted
> in here last month managed to get this to work for him (perhaps for
> inclusion in a product of his employer):
> Alexander

So it's possible, but unfortunately I have no idea even where to start. Is there
some detailed explanation on how he did it? I would try to make it work, test it 
and see whether and how it works. 

Download attachment "signature.asc" of type "application/pgp-signature" (229 bytes)

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.