On Wed, Jan 2, 2013 at 6:55 PM, Igor Cicimov <[email protected]> wrote: >
> By the way, by > manually loading something from different location but the default one don't > you already know the location of that file :) This assumes that I'm the only one that touches a system and/or that I keep detailed logs (or maybe auditd would show?) I really find it hard to believe there's no way of auditing what modules are in memory. However if modules can't be audited, this is the perfect for a rootkit ... until a box is rebooted - which also means no trace of the rootkit need be left behind. -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/CAH_OBieh-oUf2F4BFr6ytm3gTkHwLM=dnxtv7ckaiz2s5pm...@mail.gmail.com
