sebek as a patch?Sep 23 2005 11:43AM NAHieu (nahieu gmail com) (1 replies)
Hi,
One problem of sebek is it is rather hard to hide it in kernel module
list (Imagine that the attacker has root access). I guess the problem
can be improved if we patch sebek directly into linux kernel, so sebek
is built in, and not run as module.
But I cannot find such a patch: the only code I found at sebek
homepage is kernel module code. Could anybody tell me if there is such
a patch floating around?
One problem of sebek is it is rather hard to hide it in kernel module
list (Imagine that the attacker has root access). I guess the problem
can be improved if we patch sebek directly into linux kernel, so sebek
is built in, and not run as module.
But I cannot find such a patch: the only code I found at sebek
homepage is kernel module code. Could anybody tell me if there is such
a patch floating around?
Many thanks,
NAH
[ reply ]