Fitz Roy: a free solo climbing to sanitize virtual machines
News category: Linux Tipps
Source: reddit.com
Nowadays, when a computer security incident occurs, the affected machine (physical or virtualized) has to be quarantined in order to avoid data leaks. Current malware has multiple phases that exchange information with C&C (Command and Control) servers, so it needs to be mitigated as soon as possible. One possible approach is to monitor the entry points of a node, for instance the application directory (/var/www/<site>/html).

Fitz Roy monitors the filesystems of Linux guests (raw, qcow2, vmdk, vdi, vpc, vhd), relying on libguestfs and VirusTotal's API. libguestfs mounts the virtual machine's filesystem, suspicious files are uploaded to VirusTotal's API, where they are analyzed, and a malware detection report is generated. The project is implemented in C and built with autotools.

The tool fits within the DFIR (Digital Forensics and Incident Response) field, since it can be useful in the Eradication and Recovery phases. It can also be used in the Preparation phase to check virtual machine backups.
For more information you can go to https://gitlab.com/luisfm/fitz-roy or https://acmpxyz.com/fitz_roy.html.
Cheers!
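The pipeline described in the post (mount the guest read-only with libguestfs, hash candidate files under the web root, look each hash up on VirusTotal, submit the ones VirusTotal has never seen) looks like this in Python. This is an added example written for this page, not Fitz Roy's own code (which is C); it uses the libguestfs Python binding (`python3-guestfs` / `python3-libguestfs`) and VirusTotal API v3. The image path, the watched directory `/var/www`, the API key, the scratch directory and the candidate-suffix list are all assumptions supplied by the caller.

```python
"""Sweep a Linux guest disk image for suspicious web-root files and check
them against VirusTotal.  Added example, NOT Fitz Roy's own code: it relies on
the libguestfs Python binding and VirusTotal API v3; image path, watched
directory, API key and suffix list are assumptions passed in by the caller."""
import json
import os
import urllib.error
import urllib.request
import uuid

VT_API = "https://www.virustotal.com/api/v3/files"

# Files a web server can execute are the usual webshell/dropper carriers.
# Extensionless files are included to catch dropped ELF binaries.
# This list is an assumption; tune it per site.
CANDIDATE_SUFFIXES = (".php", ".phtml", ".php5", ".sh", ".pl", ".py", ".so", ".elf")


def is_candidate(path):
    """True if a guest-relative path looks like something worth scanning."""
    base = os.path.basename(path)
    return base.endswith(CANDIDATE_SUFFIXES) or "." not in base


def vt_request(sha256, api_key):
    """Build the hash-lookup request (GET /files/{sha256}) for VirusTotal v3."""
    req = urllib.request.Request(f"{VT_API}/{sha256}")
    req.add_header("x-apikey", api_key)
    return req


def vt_verdict(report):
    """Reduce a VirusTotal /files report (dict) to (verdict, flagged, engines)."""
    stats = report["data"]["attributes"]["last_analysis_stats"]
    flagged = stats.get("malicious", 0) + stats.get("suspicious", 0)
    return ("malicious" if flagged else "clean", flagged, sum(stats.values()))


def vt_lookup(sha256, api_key):
    """Query VirusTotal by hash; None means VirusTotal has never seen the file."""
    try:
        with urllib.request.urlopen(vt_request(sha256, api_key), timeout=30) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as e:
        if e.code == 404:
            return None
        raise


def vt_upload(local_path, api_key):
    """Submit a file (POST /files, multipart field 'file').  Uploaded samples are
    shared with VirusTotal's partners, so only submit files you are allowed to share."""
    boundary = uuid.uuid4().hex
    with open(local_path, "rb") as fh:
        data = fh.read()
    head = (f'--{boundary}\r\nContent-Disposition: form-data; name="file"; '
            f'filename="{os.path.basename(local_path)}"\r\n'
            f'Content-Type: application/octet-stream\r\n\r\n').encode()
    body = head + data + f"\r\n--{boundary}--\r\n".encode()
    req = urllib.request.Request(VT_API, data=body, method="POST")
    req.add_header("x-apikey", api_key)
    req.add_header("Content-Type", f"multipart/form-data; boundary={boundary}")
    with urllib.request.urlopen(req, timeout=120) as resp:
        return json.load(resp)


def scan_image(image, api_key, watch_dir="/var/www", workdir="/tmp/fitz-example"):
    """Mount the guest read-only, hash candidate files under watch_dir, look each
    hash up on VirusTotal, upload unknowns, and return {guest_path: verdict}."""
    import guestfs  # imported here so the helpers above work without libguestfs installed

    g = guestfs.GuestFS(python_return_dict=True)
    g.add_drive_opts(image, readonly=1)   # evidence is never written to
    g.launch()
    roots = g.inspect_os()
    if not roots:
        raise RuntimeError("no operating system found in image")
    mountpoints = g.inspect_get_mountpoints(roots[0])
    for mp in sorted(mountpoints, key=len):   # mount / before /var, /var/www, ...
        g.mount_ro(mountpoints[mp], mp)

    os.makedirs(workdir, exist_ok=True)
    results = {}
    for rel in g.find(watch_dir):            # paths relative to watch_dir
        path = f"{watch_dir}/{rel}"
        if not g.is_file(path) or not is_candidate(path):
            continue
        sha256 = g.checksum("sha256", path)  # hashed inside the appliance
        report = vt_lookup(sha256, api_key)
        if report is None:
            local = os.path.join(workdir, sha256)
            g.download(path, local)
            vt_upload(local, api_key)
            results[path] = ("submitted", 0, 0)
        else:
            results[path] = vt_verdict(report)
    g.umount_all()
    g.shutdown()
    g.close()
    return results
```

Two points worth keeping in mind when running something like this on a real incident: the image is attached read-only (`readonly=1`), so the evidence stays intact for later forensics, and the hash lookup runs before any upload, because submitting a file hands a copy to VirusTotal and its partners; on a compromised web root that file may contain customer data or credentials, so hashing first avoids leaking anything that is already known.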