Re: module information
On Wed, Jan 2, 2013 at 6:55 PM, Igor Cicimov <icicimov@gmail.com> wrote:
>
> By the way, by
> manually loading something from different location but the default one don't
> you already know the location of that file :)
This assumes that I'm the only one that touches a system and/or that I
keep detailed logs (or maybe auditd would show?) I really find it hard
to believe there's no way of auditing what modules are in memory.
However if modules can't be audited, this is the perfect for a rootkit
... until a box is rebooted - which also means no trace of the rootkit
need be left behind.
Reply to: