Re: malware defense

Peter T. Breuer (ptb@it.uc3m.es)
Mon, 6 Dec 1999 14:51:12 +0100 (MET)


"A month of sundays ago BIONDI Philippe wrote:"
>
> I suggest you have a glimpse at the LIDS project
> (Linux Intrusion Detection System).
> Its aim is to have an incorruptible kernel (no /dev/kmem, no modules after
> boot time) and then to protect user space entities (like daemons, files,

But this is the wrong way round. I need a kernel that I can verify is
the one I put there and not any simulacrum. I.e. I need the kernel
to have compiled into it a secret that allows me to verify it when I
load a verification module.

> Actually, I just remember a mirror address :
> http://www.lids.webmotion.net
> I released an unofficial version last night (which I hope will soon be
> official) which can be found at ftp://ftp.webmotion.net/pub/lids

I'll have a look. Does it address the question above?

Peter
