This project forked from nbulischeck/tyton

Kernel-Mode Rootkit Hunter

Home Page: https://nbulischeck.github.io/tyton/

License: GNU General Public License v3.0

Tyton

Linux Kernel-Mode Rootkit Hunter for 4.4.0-31+.

For more information, visit Tyton's website.

Detected Attacks

Hidden Modules

Syscall Table Hooking

Network Protocol Hooking

Netfilter Hooking

Zeroed Process Inodes

Process Fops Hooking

Interrupt Descriptor Table Hooking

Additional Features

Notifications: Users (including myself) do not actively monitor their journald logs, so a userland notification daemon is included that watches the journald logs and displays Tyton's messages to the user via libnotify. The daemon is started after install through XDG autostart, so it will fail to start if your DM does not support /etc/xdg/autostart.

DKMS: Dynamic Kernel Module Support has been added for Arch and Fedora/CentOS (support for more distributions is planned). DKMS rebuilds the kernel module automatically when the kernel is upgraded, so the module keeps working across kernel updates. This matters mainly for rolling-release distributions or distributions that upgrade their kernel frequently.

Installing

Dependencies

  • Linux Kernel 4.4.0-31 or greater
  • Corresponding Linux Kernel Headers
  • GCC
  • Make
  • Libnotify
  • Libsystemd
  • pkg-config
  • GTK3

From Source

Ubuntu/Debian/Kali

  1. sudo apt install linux-headers-$(uname -r) gcc make libnotify-dev pkg-config libgtk-3-dev libsystemd-dev
  2. git clone https://github.com/nbulischeck/tyton.git
  3. cd tyton
  4. make
  5. sudo insmod tyton.ko

Note: For Ubuntu 14.04, libsystemd-dev is named libsystemd-journal-dev.

Arch

  1. sudo pacman -S linux-headers gcc make libnotify libsystemd pkgconfig gtk3
  2. git clone https://github.com/nbulischeck/tyton.git
  3. cd tyton
  4. make
  5. sudo insmod tyton.ko

Note: It's recommended to install Tyton through the AUR so you can benefit from DKMS.

Fedora/CentOS

  1. dnf install kernel-devel gcc make libnotify libnotify-devel systemd-devel gtk3-devel gtk3
  2. git clone https://github.com/nbulischeck/tyton.git
  3. cd tyton
  4. make
  5. sudo insmod tyton.ko

Kernel Module Arguments

The kernel module accepts a timeout argument on insertion, passed on the command line.

To set it, run sudo insmod tyton.ko timeout=X, where X is the number of minutes the module waits after one scan before it runs the next one.
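As an added example (not part of the Tyton project), a POSIX shell wrapper around the build-and-insmod steps above: it validates the timeout argument before insmod sees it, refuses to load a tyton.ko built against a different kernel than the one running, confirms the module is resident, and then follows its kernel-log lines. It assumes modinfo, lsmod, journalctl and sudo are available and that the module reports through the kernel log (so `journalctl -k` shows it); nothing about Tyton's own message format is assumed.

```shell
#!/bin/sh
# Added example, not part of the Tyton project. Wraps the README's
# build-and-insmod steps with the checks an operator wants before loading
# a kernel module. Assumed (not stated in the README): the module reports
# through the kernel log, so `journalctl -k` shows its messages.

# Print the insmod invocation for a timeout given in minutes. Only the
# syntax is checked (digits), since the README gives no allowed range;
# a non-numeric value would otherwise make insmod fail at load time.
tyton_insmod_cmd() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    printf 'insmod tyton.ko timeout=%s\n' "$1"
}

# $1: vermagic string of the built module, e.g. "4.15.0-20-generic SMP mod_unload"
# (constructed sample); $2: running kernel release from `uname -r`.
# A mismatch means the module was built against other headers and the
# kernel will reject it ("Invalid module format"), so bail out early.
tyton_vermagic_matches() {
    [ "${1%% *}" = "$2" ]
}

# Read `lsmod` output on stdin; succeed only if a module named exactly
# "tyton" is resident (a prefix match would also accept e.g. "tytonx").
tyton_is_loaded() {
    grep -q '^tyton[[:space:]]'
}

# Build, verify, load, confirm, then follow the module's kernel-log lines.
tyton_load() {
    timeout=${1:-10}    # 10 minutes is this script's own default, not Tyton's
    cmd=$(tyton_insmod_cmd "$timeout") || { echo "bad timeout: $timeout" >&2; return 1; }
    make || return 1
    vermagic=$(modinfo -F vermagic ./tyton.ko) || return 1
    tyton_vermagic_matches "$vermagic" "$(uname -r)" || {
        echo "tyton.ko built for ${vermagic%% *}, running $(uname -r); rebuild" >&2
        return 1
    }
    sudo $cmd || return 1    # deliberately unquoted: splits into insmod's arguments
    lsmod | tyton_is_loaded || { echo "tyton did not stay loaded" >&2; return 1; }
    journalctl -k -f | grep -i tyton
}

# Only act when run as `sh tyton_load.sh load [minutes]`; sourcing just defines the functions.
case "${1:-}" in
    load) tyton_load "$2" ;;
esac
```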

AUR

Tyton is available on the AUR as the tyton-dkms-git package.

You can install it using the AUR helper of your choice:

  • yaourt -S tyton-dkms-git
  • yay -S tyton-dkms-git
  • pakku -S tyton-dkms-git

Contributors

nbulischeck, v14dz, westonbelk
