Bug 177411 - new ebuild request: app-forensics/nix
Status: RESOLVED WONTFIX
Product: Gentoo Linux
Classification: Unclassified
Component: New packages
Hardware: All Linux
Importance: High enhancement
Assignee: Robert Clark (RETIRED)
URL: http://nixsecurityscanner.com/NiX/sho...
Reported: 2007-05-07 07:23 UTC by Maxxer
Modified: 2007-05-17 10:10 UTC

Attachments
Initial nix ebuild (nix-0.3.ebuild,500 bytes, text/plain)
2007-05-07 21:23 UTC, Thomas Anderson (tanderson) (RETIRED)

Description Maxxer 2007-05-07 07:23:22 UTC
From the url above:

What is NiX Security Scanner and what does it do?

It's a security scanner for Linux distributions. It will try to find rootkits and backdoors and try to determine whether your system is hacked or not. Actually, it does much more than that at the same time.

Does it differ from current ones (chkrootkit, rkhunter, more??) and if it does, how?

Yes. It's looking at things from a completely different approach than others. For example, instead of making it say "This is xxx rootkit", it will try (Read: I will try my best) to make advanced generic detection also for private rootkits that were never released before etc. (this is of course very hard to achieve because there are so many ways to hide your stuff, but we will see...) Fact is that if you make it look for files, for example, in default install locations for rk's and such, it's nearly useless against an advanced attacker...


As of version 0.3 Nix has been GPL'ed.
http://nixsecurityscanner.com/NiX/showthread.php?t=510
Comment 1 Thomas Anderson (tanderson) (RETIRED) gentoo-dev 2007-05-07 21:23:22 UTC
Created attachment 118500
Initial nix ebuild

Did not add a proper SRC_URI as there is no static file to be downloaded.
Comment 2 Robert Clark (RETIRED) gentoo-dev 2007-05-12 08:37:20 UTC
Hi Thomas, Thanks for the ebuild.

I've run a simple source install here and nix looks nice. I'll do my best to get the nix included in the tree tomorrow. I'm just waiting to check with another dev first, when he's about we'll make the changes to the ebuild etc and commit it to the tree.

Cheers
-Rob
Comment 3 Robert Clark (RETIRED) gentoo-dev 2007-05-17 10:10:19 UTC
Hi Thomas.

Thanks again for your ebuild; however, I do not feel that NiX is ready for inclusion into Gentoo at this time.

Whilst you have obviously done some fine work there are a number of limitations within your project that to my mind make it an unlikely candidate for a package based installation mechanism.

NiX performs a number of operations using its "SafeBinaries" which is a perfectly valid mechanism. However a cursory glance at the code suggests that it does nothing to hash or obfuscate these binaries and performs no authenticity checking when using them.

Obviously, these binaries are included in case the system versions are compromised. However they offer no security as they could also be compromised at the same time if they already existed on the system. This being the case the only valid use of NiX would be to introduce it to a system that you may feel is already compromised. At this point grabbing it from a package repo or any other source is unacceptable and you would need to introduce the package but from another source.

To Summarise:
Great work, this would be good on a liveCD or other read-only media. It's not currently suitable for inclusion within the Gentoo tree.

Thanks
-Rob
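
Added example (not NiX's code and not part of the bug report): one way the authenticity check that Comment 3 finds missing could look, comparing each bundled binary against a SHA-256 manifest before it is trusted. The file names, the sha256sum-style manifest format and all function names are assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def load_manifest(text):
    """Parse sha256sum-style lines: '<hex digest>  <file name>'."""
    manifest = {}
    for line in text.splitlines():
        if line.strip() and not line.startswith("#"):
            digest, name = line.split(None, 1)
            manifest[name.strip().lstrip("*")] = digest.lower()
    return manifest

def verify_bundle(bundle_dir, manifest):
    """Map each file name to ok / mismatch / missing / not-regular / unlisted."""
    bundle, status = Path(bundle_dir), {}
    for name, expected in manifest.items():
        path = bundle / name
        if path.is_symlink():
            status[name] = "not-regular"   # a link could point at a system binary
        elif not path.is_file():
            status[name] = "missing"
        elif sha256_file(path) == expected:
            status[name] = "ok"
        else:
            status[name] = "mismatch"
    for path in bundle.iterdir():
        status.setdefault(path.name, "unlisted")   # present, but nobody vouched for it
    return status

def demo():
    """Constructed sample: stand-in 'binaries', changed after the manifest was made."""
    names = ("ls", "ps", "netstat")
    with tempfile.TemporaryDirectory() as tmp:
        bundle = Path(tmp)
        for name in names:
            (bundle / name).write_bytes(b"constructed stand-in for " + name.encode())
        # Assumption: the real manifest is made on a clean host and kept on read-only media.
        manifest = load_manifest("\n".join(f"{sha256_file(bundle / n)}  {n}" for n in names))
        (bundle / "ps").write_bytes(b"altered after the manifest was made")
        (bundle / "netstat").unlink()
        (bundle / "lsof").write_bytes(b"dropped in later")
        return verify_bundle(bundle, manifest)

if __name__ == "__main__":
    for name, state in sorted(demo().items()):
        print(f"{state:12} {name}")
```

A manifest stored beside the binaries on a writable disk can be rewritten along with them, which is why the check only adds assurance when the manifest and the verifier come from media the suspect system cannot modify.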