Linux - Newbie
I wonder how can one uncompress the kernel image (in /boot directory), for let's say investigation purposes? It looks neither gzipped nor bzipped and still it is compressed.
The file contains several executable sections that do the uncompression when you are actually booting. You should take a look at http://www2.linuxjournal.com/article/2239 to see just how the kernel boots and where the data is stored.
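As an added illustration of what the reply above describes (not code from the thread or from any kernel tool): a bzImage is a small boot and decompressor stub followed by the compressed kernel proper, so the compressor's magic bytes sit somewhere inside the file rather than at offset 0, which is why `file` does not report it as gzipped. The script below scans a kernel image for the gzip, bzip2 and xz signatures the Python standard library can unpack, tries each hit, and keeps the first stream that decompresses to an ELF file. The sample image, the `HdrS`-tagged stub and the fake vmlinux body are constructed here for a self-contained run; the function names are this example's own.

```python
import bz2
import gzip
import lzma
import sys
import zlib

# Magic bytes of the three payload formats the standard library can unpack
# on its own (the kernel can also be built with lzo, lz4 or zstd payloads,
# which would need an external decompressor).
MAGICS = {
    "gzip": b"\x1f\x8b\x08",
    "bzip2": b"BZh",
    "xz": b"\xfd7zXZ\x00",
}

ELF_MAGIC = b"\x7fELF"


def find_payloads(image):
    """Return (offset, format) for every compressor signature found anywhere in the image."""
    hits = []
    for name, magic in MAGICS.items():
        start = 0
        while True:
            off = image.find(magic, start)
            if off < 0:
                break
            hits.append((off, name))
            start = off + 1
    return sorted(hits)


def _decompress(fmt, blob):
    """Unpack one stream; each decompressor stops at end of stream and ignores trailing bytes."""
    if fmt == "gzip":
        return zlib.decompressobj(16 + zlib.MAX_WBITS).decompress(blob)
    if fmt == "bzip2":
        return bz2.BZ2Decompressor().decompress(blob)
    if fmt == "xz":
        return lzma.LZMADecompressor(format=lzma.FORMAT_XZ).decompress(blob)
    raise ValueError(fmt)


def extract_vmlinux(image):
    """Try every candidate offset; return the first payload that unpacks to an ELF file, else None."""
    for off, fmt in find_payloads(image):
        try:
            out = _decompress(fmt, image[off:])
        except (OSError, EOFError, lzma.LZMAError, zlib.error, ValueError):
            continue  # the magic matched by chance; this is not a real stream
        if out.startswith(ELF_MAGIC):
            return out
    return None


# --- constructed sample image standing in for a real /boot/vmlinuz ---
# Only the "HdrS" tag at offset 0x202 mirrors a real bzImage boot sector; the rest is filler.
STUB = b"\x00" * 0x202 + b"HdrS" + b"\x00" * 64
FAKE_VMLINUX = ELF_MAGIC + b"\x02\x01\x01" + b"\x00" * 9 + b"constructed vmlinux body " * 40
SAMPLE_IMAGE = STUB + gzip.compress(FAKE_VMLINUX, mtime=0) + b"\x00" * 16  # trailing padding

if __name__ == "__main__":
    # Usage: python3 extract.py /boot/vmlinuz-<version>   (no argument: run on the sample)
    path = sys.argv[1] if len(sys.argv) > 1 else None
    data = open(path, "rb").read() if path else SAMPLE_IMAGE
    for off, fmt in find_payloads(data):
        print(f"{fmt} signature at offset {off:#x}")
    vmlinux = extract_vmlinux(data)
    if vmlinux is None:
        sys.exit("no ELF payload found")
    out_path = (path or "sample") + ".vmlinux"
    with open(out_path, "wb") as fh:
        fh.write(vmlinux)
    print(f"wrote {len(vmlinux)} bytes to {out_path}")
```

The ELF check matters: a three-byte signature such as the gzip header turns up by accident inside large binaries, so the script treats every hit as a candidate and keeps only the one that yields a real ELF image, which can then be handed to `readelf`, `nm` or a disassembler, or compared against a known-good build of the same version.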
I wonder how can one uncompress the kernel image (in /boot directory), for let's say investigation purposes? It looks neither gzipped nor bzipped and still it is compressed.
For "investigation purposes", why would you not look at the source code??
Trying to determine what is going on by reading machine code would not be MY idea of fun......YMMV..
I had an intrusion nearly a week ago and a rootkit, which I've cleaned out, as I think. But, in fact, I'm trying to detect whether there was a change in system calls or not. I've found this article, very good and helpful in my opinion:
Sometimes only a compressed version of the kernel may be available (named vmlinuz-2.4.x). In this case, before starting our investigation we have to uncompress that kernel image.
But it doesn't mention how one can accomplish this.