Re: Rootkit

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, 2007-10-23 at 09:17 +0200, Manuel Arostegui Ramirez wrote:
> On Tuesday 23 October 2007 08:19:30 bob.smith@xxxxxxxxxxx wrote:
> >
> > The idea was to create sort of(in some way) "encrypted and protected"
> > executables. This to be able to verify that an executable is what it
> > is(located on machine X, and compiled on machine x). Further, the
> > executable would be made so that it could not run on a system on which it
> > was not allowed to run. That was the basis of the idea. Purely theoretical.
> > How this could be achieved in reality is beyond my current knowledgebase,
> > but I am sure that someone else with more knowledge in encryption and
> > protection than me, could maybe analyse this further.
> >
> 
> A small approach to this, I mean to be sure that the executable is the one you 
> installed firstly, could be getting the filehash of all the binaries 
> installed from the beggining storing all the values in a database (outside 
> from that box) and then if you think you could be hacked, just run again the 
> filehash and compare it with the original one you got...
> 
> Again, this is an small approach, just an idea.

That's what tripwire does.

----------------------------------------------------------------------
- Rick Stevens, Principal Engineer             rstevens@xxxxxxxxxxxx -
- CDN Systems, Internap, Inc.                http://www.internap.com -
-                                                                    -
-   Errors have occurred. We won't tell you where or why.  We have   -
-                         lazy programmers.                          -
----------------------------------------------------------------------


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux