yulong-hids-archived icon indicating copy to clipboard operation
yulong-hids-archived copied to clipboard

Published 20 hours ago verified publisher icon ysrc

Metadata

[archived] 一款实验性质的主机入侵检测系统

Results 43 yulong-hids-archived issues
Sort by recently updated
recently updated
newest added

首先给这个方案点赞,其次写一些问题

7 comment

windows: 如下

caidongyun avatar caidongyun

enhancement

v0.4.3 BETA 出现server异常崩溃,已经有2次了。

4 comment

bufio.(*Reader).Read(0xc42021b620, 0xc42032a6c0, 0xc, 0xc, 0x60, 0x60, 0x994020) /usr/local/go/src/bufio/bufio.go:216 +0x238 io.ReadAtLeast(0xa09080, 0xc42021b620, 0xc42032a6c0, 0xc, 0xc, 0xc, 0x2, 0xc420020a00, 0x2) /usr/local/go/src/io/io.go:309 +0x86 io.ReadFull(0xa09080, 0xc42021b620, 0xc42032a6c0, 0xc, 0xc, 0x813f53, 0x994020, 0xc420206660) /usr/local/go/src/io/io.go:327 +0x58...

JohnnyTTzhu avatar JohnnyTTzhu

加载syshook时判断内核版本

3 comment

加载syshook后出现异常 ![image](https://user-images.githubusercontent.com/2731416/38235105-90adcc2c-3752-11e8-8917-0d667cc93337.png) uname -r 版本为 2.6.32-696.23.1.el6.x86_64 版本与data.zip中编译好的ko并不完全一致,导致异常。[编译指南](https://github.com/ysrc/yulong-hids/blob/master/docs/build.md#%E5%86%85%E6%A0%B8%E9%A9%B1%E5%8A%A8)中有说明版本要完全一致,但是不一定每个人都会看。 最好在代码中进行判断,如果版本不完全一致则拒绝加载syshook模块,并给出提示自行编译。

ihacku avatar ihacku

enhancement

Metadata

2.1k
Stars
582
Forks
Watchers

Owner

verified publisher icon ysrc

Metadata

[archived] 一款实验性质的主机入侵检测系统

Back