On Wed, Jan 2, 2013 at 6:55 PM, Igor Cicimov <icici...@gmail.com> wrote: >
> By the way, by > manually loading something from different location but the default one don't > you already know the location of that file :) This assumes that I'm the only one that touches a system and/or that I keep detailed logs (or maybe auditd would show?) I really find it hard to believe there's no way of auditing what modules are in memory. However if modules can't be audited, this is the perfect for a rootkit ... until a box is rebooted - which also means no trace of the rootkit need be left behind. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/CAH_OBieh-oUf2F4BFr6ytm3gTkHwLM=dnxtv7ckaiz2s5pm...@mail.gmail.com
