Linux �$B$G$O!"�(BLKM(Loadable Kernel Module) �$B$J$I!"%+!<%M%k$rF0E*$KJQ99$9$k5!G=$r;HMQ$9$k$3$H$,$G$-$^�(B
�$B$9!#Nc$H$7$F!"�(BLinux �$B$N�(Biptables �$B$G%U%!%$%"!<%&%)!<%k$r:n$k$H$-$K!"�(BLKM
�$B$r;HMQ$7$FMM!9$J5!G=$rF0E*$KAH$_9~$s$G$*$1$k$h$&$K$7$F$*$/$H!"3HD%@-$KM%�(B
�$B$l$?%7%9%F%`$K$J$j$^$9!#�(B
�$B$7$+$7!"�(BLKM �$B$O$^$?!"%;%-%e%j%F%#>e$G9%$^$7$/$J$$>uBV$b$b$?$i$7$^$9!#�(BLKM �$B$rMQ$$$?�(Brootkit�$B$NB8:_$J$I$b;XE&$5$l$F$$$^$9�(B(�$B2<5-;2>H�(B)�$B!#�(B
(�$B>\$7$/$O!"2<5-$r;2>H$7$F$/$@$5$$!'�(B
http://www.atmarkit.co.jp/fsecurity/rensai/rootkit04/rootkit02.html)
�$B$7$?$,$C$F!"ITMQ0U$K�(BLKM �$B%*%W%7%g%s$rA*Br$7$J$$$[$&$,!"%;%-%e%j%F%#>e$G$O�(B
�$B9%$^$7$$$3$H$K$J$j$^$9!#�(B
LIDS �$B$rMQ$$$k$3$H$K$h$C$F!"$3$N
�$B%+!<%M%k$rIu0u$7$?8e$O!"�(BLKM �$B$OF0$$$F$$$k%+!<%M%k$K%b%8%e!<%k$r2C$($?$j!"�(B
�$B30$7$?$j$9$k$3$H$,=PMh$J$/$J$j$^$9!#$3$l$K$h$j!"Iu0u8e$N�(Brootkit �$B$NFI$_9~�(B
�$B$_$rKI$0$3$H$,$G$-$^$9!#�(B
�$B$7$+$7!"l9g$,$"$k$H;W$$$^$9!#$=$N$?$a!"%5!<%P!<5/F08e�(B
�$B$NA4$F$N%b%8%e!<%k$,FI$_9~$^$l$?8e$K%+!<%M%k$rIu0u$9$k$?$a!"�(B/etc/rcX.d/
�$B0J2<$KIu0u$N$?$a$N%9%/%j%W%H$r5-=R$7!":G8e$K5/F0$9$k$h$&$K@_Dj$9$kI,MW$,�(B
�$B$"$j$^$9!#�(B
�$B5/F0$+$i!"%+!<%M%kIu0u$^$G$NN.$l$O!"?^�(B1�$B$K$J$j$^$9!#�(B
�$B?^�(B 1:
Linux�$B$N5/F0$+$i!"%+!<%M%kIu0u$r7P$F%m%0%$%s$^$G$NN.$l�(B
|
|
�$B6qBNE*$K$O!"�(B/etc/rc2.d/S99sealing�$B$H$7$F�(B
#!/bin/sh
case "$1" in
start) /sbin/lidsadm -I ;;
stop) ;;
*) echo "Usage: $0 start" >&2; exit 1 ;;
esac
exit 0;
�$B$H$7$F$*$1$PNI$$$G$7$g$&!#�(B
Kazuki Omo
�$BJ?@.�(B15�$BG/�(B9�$B7n�(B28�$BF|�(B
![\includegraphics[width=12cm clip]{/home/omok/doc/koedo_oct_2003/LKM_lids.ps}](img1.png)