Re: Debian audititing tool?

To: debian-security@lists.debian.org
Subject: Re: Debian audititing tool?
From: Christian Kurz <shorty@debian.org>
Date: Thu, 21 Dec 2000 15:37:56 +0100
Message-id: <[🔎] 20001221153756.N27036@bofh.de>
Mail-followup-to: Christian Kurz <shorty@debian.org>, debian-security@lists.debian.org
In-reply-to: <[🔎] 20001221143248.WFTZ2581.mta10.onebox.com@onebox.com>
References: <[🔎] 20001221143248.WFTZ2581.mta10.onebox.com@onebox.com>

On 00-12-21 Dan Hutchinson wrote:
> Sorry it was fornesics, but the code is basically matching the machine
> code, a unique pattern of 1's and 0's to the machine code of the kernal.

Well, but then you need to know all patterns of malicous code that could
occur. I think this will be a lot of patterns that you have to search
for, so that the search will take a long time.

> Unless you have a kernal file that doesn't have 1's and 0's in machine
> language, you can scan the code.  I am not sure how ASM code is written
> thou.

Well, ASM (assembler) comes also down to 1 and 0 if you think about
machine-code that is used by the processor. I thaught you wanted to scan
the code that you find beneath /usr/src/linux.

Ciao
     Christian
-- 
Ein "Nein" ausgesprochen mit der tiefsten Überzeugung ist besser
und größer als ein "Ja" um zu gefallen oder noch schlimmer, um
Schwierigkeiten zu umgehen.
  -- Mahatma Gandhi

Reply to:

Follow-Ups:
- Re: Debian audititing tool?
  - From: Peter Eckersley <pde@cs.mu.oz.au>
- Re: Debian audititing tool?
  - From: Peter Cordes <peter@llama.nslug.ns.ca>

References:
- Re: Debian audititing tool?
  - From: "Dan Hutchinson" <hutchinsond@zdnetonebox.com>

Prev by Date: Re: Debian audititing tool?
Next by Date: Re: Debian audititing tool?
Previous by thread: Re: Debian audititing tool?
Next by thread: Re: Debian audititing tool?
Index(es):
- Date
- Thread