blocking rootkits using virtualization

blocking rootkits using virtualization

[Aniket Shinde]

Hello guys,
    I was going through kernelnewbies.org and came across a project "Block
Rootkits using Virtualization" by riel.
     Basically we have to make kernel read only after boot process
completes so rootkits get blocked.
     I have few doubts...

--Is the method of making kernel read only to block rootkits used in linux
kernel mainline?

--have anybody implenented this project already?

--what is the good way to start with above project?

--any guidelines to implemnet above project??

--can I get any menor??

--any material related to above project??
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.kernelnewbies.org/pipermail/kernelnewbies/attachments/20140730/5ffd8ad8/attachment.html 

blocking rootkits using virtualization

[Valdis.Kletnieks at vt.edu]

On Wed, 30 Jul 2014 23:47:32 +0530, Aniket Shinde said:

> --Is the method of making kernel read only to block rootkits used in linux
> kernel mainline?

Been there since 2006 or so. Riel needs to update that project entry. :)

CONFIG_DEBUG_RODATA=y
CONFIG_DEBUG_RODATA_TEST=y
CONFIG_DEBUG_SET_MODULE_RONX=y

Seems to be an x86-only at the current time.  Feel free to make it work
on other archs.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 848 bytes
Desc: not available
Url : http://lists.kernelnewbies.org/pipermail/kernelnewbies/attachments/20140730/fbae5c27/attachment-0001.bin