[Gllug] Memory scanning

Steve Parker steve at steve-parker.org
Sat Sep 4 23:08:19 UTC 2010


On 04/09/10 11:44, James Courtier-Dutton wrote:
> Hi,
>
> I am looking for a tool that does the following.
> 1) Scan an executable binary file to create a checksum.
> 2) Runs the executable program as a process.
> 3) Halts execution of a single process
> 4) Scans the entire process address space to create a checksum
> 5) Compares the two checksums to discover if any virus or malicious
> code has been inserted.
> 6) If all is well, allow the process to schedule again.
>    

Sounds rather like Text Relocation - SELinux will do that for you - 
http://web.archive.org/web/20080514003359/http://people.redhat.com/drepper/textrelocs.html 
(the original seems to have disappeared, and Drepper's redhat page 
directs you to his personal page, suggesting that he left, I must be out 
of touch!)
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug




More information about the GLLUG mailing list