Detecting Kernel-level Compromises With gdb
From: Joe Klemmer
Date: Sat, 20 Nov 2004 06:19:20 -0500
Detecting Kernel-level Compromises With gdb
by Mariusz Burdach
last updated November 18, 2004

This article is intended to outline useful ways of detecting hidden modifications to a Linux kernel. Often known as a rootkit, this stealthy type of malware gets installed in the kernel of an operating system and requires special techniques by incident handlers and Linux system administrators to be detected.

http://www.securityfocus.com/infocus/1811