I am the same postgraduate research student, using Enforcer in an attempt to create a rootkit-detecting Linux filesystem, who posted the "Kernel Panic When Booting compiled Enforcer" problem earlier.
Could I please be told which Linux distribution and configuration (gcc, make, etc.) was originally and successfully used to set up and test the Enforcer (alpha and beta versions)?
I'd like to try to obtain the same Linux OS as was used to create and test the Enforcer; maybe the kernel panic problem was due to using a different Linux distribution.
Thanks,
rgds
jyteh.
I was developing under Debian/unstable in the spring of 2004, but there were some packages that were cutting edge at the time. I believe sarge (3.1), released on 6 June 2005, would work well. You might also try etch (4.0), released 8 April 2007. All of my development was i386 (32-bit), single processor. You can download sarge from http://www.debian.org/releases/sarge/debian-installer/ or etch from http://www.debian.org/releases/etch/debian-installer/ .
Also, the newest version of the kernel that I developed patches for was 2.6.5. As you discovered, it would be quite a bit of work to fix it for a newer version.
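Before trying to apply the Enforcer patches to a kernel tree, it is worth checking that the tree and the build host actually match what the reply above describes (patches written against 2.6.5 at the newest; development on 32-bit i386 with a single processor). The script below is an added example, not code from the Enforcer project or from either poster: it parses VERSION/PATCHLEVEL/SUBLEVEL from a kernel top-level Makefile, compares the result against 2.6.5, and checks the host architecture and CPU count. The directory layout, the sample Makefiles in `demo`, and the treatment of "newer than 2.6.5" as a porting warning rather than a hard error are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not part of the original thread or the Enforcer sources).
# Checks a kernel source tree and the build host against the environment
# the Enforcer author describes: patches target kernels up to 2.6.5,
# built on i386 (32-bit) with a single processor.

# Extract "major.minor.sublevel" from a kernel top-level Makefile.
# Returns 1 if any of the three fields is missing.
kernel_version_from_makefile() {
    mk="$1"
    v=$(sed -n 's/^VERSION[[:space:]]*=[[:space:]]*\([0-9]*\).*/\1/p' "$mk" | head -n1)
    p=$(sed -n 's/^PATCHLEVEL[[:space:]]*=[[:space:]]*\([0-9]*\).*/\1/p' "$mk" | head -n1)
    s=$(sed -n 's/^SUBLEVEL[[:space:]]*=[[:space:]]*\([0-9]*\).*/\1/p' "$mk" | head -n1)
    [ -n "$v" ] && [ -n "$p" ] && [ -n "$s" ] || return 1
    echo "$v.$p.$s"
}

# Return 0 when dotted version $1 is less than or equal to dotted version $2.
# Compares the three fields numerically, so 2.6.10 sorts after 2.6.5.
version_le() {
    a1=${1%%.*}; r=${1#*.}; a2=${r%%.*}; a3=${r#*.}
    b1=${2%%.*}; r=${2#*.}; b2=${r%%.*}; b3=${r#*.}
    [ "$a1" -lt "$b1" ] && return 0
    [ "$a1" -gt "$b1" ] && return 1
    [ "$a2" -lt "$b2" ] && return 0
    [ "$a2" -gt "$b2" ] && return 1
    [ "$a3" -le "$b3" ]
}

# Check a kernel tree at $1: 0 if its version is at or below 2.6.5
# (the newest kernel the Enforcer patches were written for), 1 otherwise.
check_kernel_tree() {
    ver=$(kernel_version_from_makefile "$1/Makefile") || {
        echo "cannot read a kernel version from $1/Makefile"
        return 1
    }
    if version_le "$ver" "2.6.5"; then
        echo "kernel $ver: within the range the Enforcer patches target"
        return 0
    fi
    echo "kernel $ver: newer than 2.6.5, expect porting work before it builds"
    return 1
}

# Check the build host: 32-bit x86 and a single online CPU, as the author used.
# Returns 1 and explains the mismatch otherwise.
check_host() {
    arch=$(uname -m)
    cpus=$(getconf _NPROCESSORS_ONLN 2>/dev/null || echo 1)
    case "$arch" in
        i386|i486|i586|i686) ;;
        *) echo "arch $arch is not 32-bit i386; the author built on i386 only"; return 1 ;;
    esac
    if [ "$cpus" -ne 1 ]; then
        echo "$cpus CPUs online; the author tested on a single processor (a 1-CPU VM is the closest match)"
        return 1
    fi
    echo "host: $arch, 1 CPU, matches the development environment"
}

# Constructed sample Makefiles (not real kernel sources) showing both outcomes.
demo() {
    d=$(mktemp -d)
    mkdir "$d/old" "$d/new"
    printf 'VERSION = 2\nPATCHLEVEL = 6\nSUBLEVEL = 5\nEXTRAVERSION =\n' > "$d/old/Makefile"
    printf 'VERSION = 2\nPATCHLEVEL = 6\nSUBLEVEL = 18\nEXTRAVERSION =\n' > "$d/new/Makefile"
    check_kernel_tree "$d/old"
    check_kernel_tree "$d/new" || true
    rm -rf "$d"
}

demo
```

Run `check_kernel_tree /usr/src/linux` and `check_host` on the machine you intend to build on; `check_host` is deliberately not called at top level, since on a modern 64-bit multi-core host it will report a mismatch, which is exactly the situation in which an unexpected panic from an unported patch is plausible.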
Thank you very much for your reply and the links on where to find the old Debian distros; I am downloading now. Yes, I can see that a lot of work is required to go from 2.6.0 to 2.6.5. I've experimented with both versions and can see the amount of work involved and the time required.
The Enforcer is an essential, indispensable tool for my research work, and I must say that, with more enhancements, it has the potential to be developed into a full-fledged rootkit detection product.
I am planning to dig deeper into the Enforcer code. Hence, would it be possible for you to provide some information on what one has to learn, or which skills one should possess, on Debian or Linux in order to start understanding the architecture, design and flow of the Enforcer sources?
In short, what skills does one need to possess when developing the Enforcer tool, and where can I find more information on the architecture of the Enforcer tool?
I am an intermediate Linux user (using Linux for 2 years) and my skills are:
1. Basic bash scripting.
2. Basic Ubuntu/Debian system administration.
3. Compiling the kernel on both Debian and Ubuntu.
4. Intermediate C programming (equivalent to a fundamental and an advanced course in C programming at Bachelor's degree level).
5. Intermediate knowledge of hypervisors: QEMU and VirtualBox (2 years).
For your info, my research is at the doctoral level.
Thanks in advance,
rgds
jyteh