Re: module information

To: Igor Cicimov <icicimov@gmail.com>
Cc: debian-user <debian-user@lists.debian.org>
Subject: Re: module information
From: shawn wilson <ag4ve.us@gmail.com>
Date: Thu, 3 Jan 2013 00:55:14 -0500
Message-id: <[🔎] CAH_OBieh-oUf2F4BFr6ytm3gTkHwLM=DNXTv7CKaiz2s5Pm8_g@mail.gmail.com>
In-reply-to: <[🔎] CAAKASGyzN3xkM7=xTm2YkVoKLomo6qnyG-1Li4Q4mC_hQzv5dA@mail.gmail.com>
References: <[🔎] CAH_OBico9RbCFG4cPGAEcr-_mUnhQPHCEg4heDzLHTKu6gf8-g@mail.gmail.com> <[🔎] CAAKASGydxm93vqV1mdgbnkisBWvHZ0mWKwm0UELrgp0S_ynWmA@mail.gmail.com> <[🔎] CAH_OBiffcdfqvP=zxi2Fov7RiGYvYOqUoxDqJNwTyu3yuFH+xA@mail.gmail.com> <[🔎] CAAKASGyzN3xkM7=xTm2YkVoKLomo6qnyG-1Li4Q4mC_hQzv5dA@mail.gmail.com>

On Wed, Jan 2, 2013 at 6:55 PM, Igor Cicimov <icicimov@gmail.com> wrote:
>

> By the way, by
> manually loading something from different location but the default one don't
> you already know the location of that file :)

This assumes that I'm the only one that touches a system and/or that I
keep detailed logs (or maybe auditd would show?) I really find it hard
to believe there's no way of auditing what modules are in memory.
However if modules can't be audited, this is the perfect for a rootkit
... until a box is rebooted - which also means no trace of the rootkit
need be left behind.

Reply to:

Follow-Ups:
- Re: module information
  - From: shawn wilson <ag4ve.us@gmail.com>

References:
- module information
  - From: shawn wilson <ag4ve.us@gmail.com>
- Re: module information
  - From: Igor Cicimov <icicimov@gmail.com>
- Re: module information
  - From: shawn wilson <ag4ve.us@gmail.com>
- Re: module information
  - From: Igor Cicimov <icicimov@gmail.com>

Prev by Date: Re: [OT] I wish to have a mentor
Next by Date: RE: Wheezy Installer Auto-Partition Oddity
Previous by thread: Re: module information
Next by thread: Re: module information
Index(es):
- Date
- Thread