[Gllug] Memory scanning
Steve Parker
steve at steve-parker.org
Sat Sep 4 23:08:19 UTC 2010
On 04/09/10 11:44, James Courtier-Dutton wrote:
> Hi,
>
> I am looking for a tool that does the following.
> 1) Scan an executable binary file to create a checksum.
> 2) Runs the executable program as a process.
> 3) Halts execution of a single process
> 4) Scans the entire process address space to create a checksum
> 5) Compares the two checksums to discover if any virus or malicious
> code has been inserted.
> 6) If all is well, allow the process to schedule again.
>
Sounds rather like Text Relocation - SELinux will do that for you -
http://web.archive.org/web/20080514003359/http://people.redhat.com/drepper/textrelocs.html
(the original seems to have disappeared, and Drepper's redhat page
directs you to his personal page, suggesting that he left, I must be out
of touch!)
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list