Re: Debian audititing tool?
On 00-12-21 Dan Hutchinson wrote:
> Sorry it was fornesics, but the code is basically matching the machine
> code, a unique pattern of 1's and 0's to the machine code of the kernal.
Well, but then you need to know all patterns of malicous code that could
occur. I think this will be a lot of patterns that you have to search
for, so that the search will take a long time.
> Unless you have a kernal file that doesn't have 1's and 0's in machine
> language, you can scan the code. I am not sure how ASM code is written
Well, ASM (assembler) comes also down to 1 and 0 if you think about
machine-code that is used by the processor. I thaught you wanted to scan
the code that you find beneath /usr/src/linux.
Ein "Nein" ausgesprochen mit der tiefsten Überzeugung ist besser
und größer als ein "Ja" um zu gefallen oder noch schlimmer, um
Schwierigkeiten zu umgehen.
-- Mahatma Gandhi