Honeypots mailing list archives
sebek as a patch?
From: NAHieu <nahieu () gmail com>
Date: Fri, 23 Sep 2005 20:43:59 +0900
Hi, One problem of sebek is it is rather hard to hide it in kernel module list (Imagine that the attacker has root access). I guess the problem can be improved if we patch sebek directly into linux kernel, so sebek is built in, and not run as module. But I cannot find such a patch: the only code I found at sebek homepage is kernel module code. Could anybody tell me if there is such a patch floating around? Many thanks, NAH
Current thread:
- sebek as a patch? NAHieu (Sep 23)