From: Fabrice MARIE <fabrice@celestix.com>
Subject: Re: general questions
Date: Wed, 15 Aug 2001 20:16:31 +0000
Next Article (by Subject): RE: general questions Jörgen_Sigvardsson
Previous Article (by Subject): Re: general questions Amon Ott
Top of Thread: general questions Justus Pendleton
Next in Thread: RE: general questions Jörgen_Sigvardsson
Articles sorted by: [Date]
[Author]
[Subject]
Hello,
On Wednesday 15 August 2001 10:51, Amon Ott wrote:
> [...]
> > I was also looking at the malware scanner. I think it is a pretty
> > nifty idea but I was thinking it would be even better if it could act
> > like tripwire. Like generate a SHA-1 hash of the executable and then
> > check it against a database. If the hash doesn't match the expected
> > result the kill the program and notify the user. I'm not sure how
> > easy it would be to put SHA-1 in the kernel (well, pretty easy if you
> > have the international kernel patch, I guess) or how easy it would be
> > to have a decent database lookup in the kernel.
> J=F6rgen meant to implement this scheme as an RSBAC module, but I have =
not
> looked into any code yet.
It would be a good feature to have, but it would most probably
make the system crawl, unless like tripwire, it runs once periodically.
However, this defeats the purpose of having it in the kernel...
What do you guys think ?
Have a nice day,
Fabrice.
--=20
Fabrice MARIE
Senior R&D Engineer
Celestix Networks
http://www.celestix.com/
"Silly hacker, root is for administrators"=20
-Unknown
-
To unsubscribe from the rsbac list, send a mail to
majordomo@rsbac.org with
unsubscribe rsbac
as single line in the body.
Next Article (by Subject): RE: general questions Jörgen_Sigvardsson
Previous Article (by Subject): Re: general questions Amon Ott
Top of Thread: general questions Justus Pendleton
Next in Thread: RE: general questions Jörgen_Sigvardsson
Articles sorted by: [Date]
[Author]
[Subject]