Message-ID: <20200619130641.GA4425@openwall.com>
Date: Fri, 19 Jun 2020 15:06:41 +0200
From: Solar Designer <solar@...nwall.com>
To: lkrg-users@...ts.openwall.com
Subject: Re: rootkit detection

On Fri, Jun 19, 2020 at 02:53:57PM +0200, Mikhail Morfikov wrote:
> On 14/06/2020 17:37, Solar Designer wrote:
> > Adam found this interesting Master's Thesis of Juho Junnila, entitled
> > "Effectiveness of Linux Rootkit Detection Tools":
> > 
> > http://jultika.oulu.fi/files/nbnfioulu-202004201485.pdf
> 
> I'm in the middle of reading the pdf, and I have one question. Since all the 
> kernel rootkits described in the paper are provided in the form of external 
> LKMs, is there a way to include LKRG source in the kernel source tree somehow?
> In this way when the kernel is built, the module would also be compiled as a 
> regular module, or compiled into the kernel itself. Is this doable?

We don't currently support this officially, but Nikolay Zorin who posted
in here last month managed to get this to work for him (perhaps for
inclusion in a product of his employer):

https://www.openwall.com/lists/lkrg-users/2020/05/02/8

Alexander
