
Install the rootkit

Now that you have a working VM, you can launch the rootkit.

Warning: Always do these steps in a virtual machine.

Installing dependencies

In order to build the rootkit, you must install the following dependencies:

  • build-essential
  • linux-headers

You can install them with the following command:

    sudo apt install build-essential linux-headers-$(uname -r)

Installing the rootkit

An installation script is provided in this repo to automate the installation and make it simpler. To install the module, execute the following command in the module-creation folder:

    sudo ./install.sh install <password> <debug 1|0>

Verifying the installation

To verify that the module is correctly installed, execute the following command in a terminal:

    modinfo epirootkit

If the module is correctly installed, you should see the following output. If you do not see it, the installation was not successful.

filename: /lib/modules/5.4.0-182-generic/kernel/drivers/rk_file_epirootkit/epirootkit.ko
author: hector.thubert <hector.thubert@epita.fr>, louis.gallet <louis.gallet@epita.fr>, arthur.certin <arthur.certin@epita.fr>
description: Modules file for the implementation of epirootkit
license: GPL
srcversion: 60D0CC4203A8B88E5FDEDB3
depends:
name: epirootkit
retpoline: Y
vermagic: 5.4.0-182-generic SMP mod_unload modversions
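
The check above can be scripted. This is an added example, not code from the epirootkit repo: it parses modinfo output and confirms that the name, install path and vermagic all match a given kernel release. The function names check_modinfo and field, and the SAMPLE variable, are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the epirootkit repo).
# Usage: modinfo epirootkit | check_modinfo epirootkit "$(uname -r)"

# field <key> <text>: print the value of the first "key: value" line.
field() {
    printf '%s\n' "$2" | sed -n "s/^$1:[[:space:]]*//p" | head -n 1
}

# check_modinfo <module_name> <kernel_release>: reads modinfo output on stdin.
# Returns 0 only if name, install path and vermagic all agree with the release.
check_modinfo() {
    want_name=$1
    release=$2
    info=$(cat)
    name=$(field name "$info")
    filename=$(field filename "$info")
    vermagic=$(field vermagic "$info")

    if [ "$name" != "$want_name" ]; then
        echo "name mismatch: '$name'"; return 1
    fi
    # The .ko must sit under /lib/modules/<release>/ (suffix allows .ko.xz etc.)
    case $filename in
        "/lib/modules/$release/"*"/$want_name.ko"*) ;;
        *) echo "not installed for $release: '$filename'"; return 1 ;;
    esac
    # The first word of vermagic is the kernel release the module was built for.
    if [ "${vermagic%% *}" != "$release" ]; then
        echo "vermagic mismatch: '$vermagic'"; return 1
    fi
    echo "ok: $want_name matches $release"
}

# Constructed sample input, using field values shown on this page.
SAMPLE='filename:       /lib/modules/5.4.0-182-generic/kernel/drivers/rk_file_epirootkit/epirootkit.ko
license:        GPL
name:           epirootkit
vermagic:       5.4.0-182-generic SMP mod_unload modversions'
```

modinfo reads the module file on disk, so a passing check shows the module was built and installed for that kernel, not that it is currently loaded.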