From 778724795ce0033b1f878e505ca9379fef5c58ef Mon Sep 17 00:00:00 2001
From: shnavid
Date: Thu, 15 Mar 2007 15:13:32 +0000
Subject: Added check to see if the loaded module matches the copy on the file-system
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/sos/trunk@99 ef72aa8b-4018-0410-8976-d6e080ef94d8
---
 src/lib/sos/plugins/kernel.py | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
(limited to 'src/lib')
diff --git a/src/lib/sos/plugins/kernel.py b/src/lib/sos/plugins/kernel.py
index 9f96a777..2b13c181 100644
--- a/src/lib/sos/plugins/kernel.py
+++ b/src/lib/sos/plugins/kernel.py
@@ -86,6 +86,25 @@ class kernel(sos.plugintools.PluginBase):
 return
 def analyze(self):
+ infd = open("/proc/modules", "r")
+ modules = infd.readlines()
+ infd.close()
+
+ for modname in modules:
+ modname=modname.split(" ")[0]
+ print modname
+ modinfo_srcver = commands.getoutput("/sbin/modinfo -F srcversion %s" % modname)
+ infd = open("/sys/module/%s/srcversion" % modname, "r")
+ sys_srcver = infd.read().strip("\n")
+ infd.close()
+ if modinfo_srcver != sys_srcver:
+ self.addAlert("Loaded module %s differs from the one present on the file-system")
+
+ # this would be a good moment to check the module's signature
+ # but at the moment there's no easy way to do that outside of
+ # the kernel. i will probably need to write a C lib (derived from
+ # the kernel sources to do this verification.
+
 savedtaint = os.path.join(self.cInfo['dstroot'], "/proc/sys/kernel/tainted")
 infd = open(savedtaint, "r")
 line = infd.read()
-- cgit
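Review bot: The alert added in the `if modinfo_srcver != sys_srcver:` branch never names the module, because the format string is passed to addAlert without its argument; it should read `self.addAlert("Loaded module %s differs from the one present on the file-system" % modname)`. The `open("/sys/module/%s/srcversion" % modname, "r")` call just above is unguarded, so a loaded module that exposes no srcversion file raises IOError and aborts the rest of analyze(), including the taint check that follows; wrapping it in `try: ... except IOError: continue` keeps the loop going. Because commands.getoutput returns whatever modinfo prints, a failed lookup probably yields error text that compares unequal and raises a misleading alert, so an empty or failed modinfo result is worth reporting separately. The `print modname` line looks like leftover debugging output, and analyze() continues past the end of the hunk.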