[Gllug] Memory scanning
rich at annexia.org
Sun Sep 5 09:45:29 UTC 2010
On Sun, Sep 05, 2010 at 12:08:19AM +0100, Steve Parker wrote:
> On 04/09/10 11:44, James Courtier-Dutton wrote:
> > Hi,
> > I am looking for a tool that does the following.
> > 1) Scan an executable binary file to create a checksum.
> > 2) Runs the executable program as a process.
> > 3) Halts execution of a single process
> > 4) Scans the entire process address space to create a checksum
> > 5) Compares the two checksums to discover if any virus or malicious
> > code has been inserted.
> > 6) If all is well, allow the process to schedule again.
> Sounds rather like Text Relocation - SELinux will do that for you -
> (the original seems to have disappeared, and Drepper's redhat page
> directs you to his personal page, suggesting that he left, I must be out
> of touch!)
That'd be news to me. He gave a couple of presentations at the Red
Hat Summit in June. You can find his papers on his personal website
Gllug mailing list - Gllug at gllug.org.uk
More information about the GLLUG