taking dump of memory in linux bazzite
Does anyone know how to install Volatility and LiME (Linux Memory Extractor) on Linux Bazzite and make them work?
Has anyone got any experience with this?
I want to see if there's any rootkit hiding itself in the memory of my computer.
https://github.com/504ensicsLabs/LiME
https://github.com/volatilityfoundation/volatility
3 Replies
The second one just runs on Python, and Python is preinstalled in Bazzite (and most other Linux distros too). So it might just work out of the box. However, it was last updated 5 years ago.
Since this OS is mostly for gaming, I don't think you'll get too much support on this.
If you just installed Bazzite, there's not.
There are very few rootkits for Linux.
No, I cannot install LiME:
bazzite@bazzite:~/LiME/src$ make
make -C /lib/modules/6.12.8-201.bazzite.fc41.x86_64/build M="/var/home/bazzite/LiME/src" modules
make[1]: entering directory «/var/home/bazzite/LiME/src»
make[1]: /lib/modules/6.12.8-201.bazzite.fc41.x86_64/build: No such file or directory. Stopping.
make[1]: leaving directory «/var/home/bazzite/LiME/src»
make: [Makefile:35: default] Error 2
I managed to install Volatility, but I cannot install LiME.
I cannot install kernel-devel and kernel-headers, so I cannot compile LiME. Can someone help me?
bazzite@bazzite:~/LiME/src$ sudo dnf install kernel-devel-6.12.8-201.bazzite.fc41.x86_64 kernel-headers-6.12.8-201.bazzite.fc41.x86_64
[sudo] password di bazzite:
Note: This system is image (rpm-ostree) based.
Inactive requests:
  kernel-headers (already provided by kernel-headers-6.12.4-200.fc41.x86_64)
Checking out tree 68b1852... done
Enabled rpm-md repositories: copr:copr.fedorainfracloud.org:ilyaz:LACT copr:copr.fedorainfracloud.org:rodoma92:kde-cdemu-manager copr:copr.fedorainfracloud.org:rodoma92:rmlint copr:copr.fedorainfracloud.org:rok:cdemu fedora-cisco-openh264 updates fedora hardware_razer updates-archive
Updating metadata for 'updates'... done
Updating metadata for 'updates-archive'... done
Importing rpm-md... done
rpm-md repo 'copr:copr.fedorainfracloud.org:ilyaz:LACT' (cached); generated: 2025-01-16T07:49:04Z solvables: 12
rpm-md repo 'copr:copr.fedorainfracloud.org:rodoma92:kde-cdemu-manager' (cached); generated: 2024-10-29T12:13:12Z solvables: 16
rpm-md repo 'copr:copr.fedorainfracloud.org:rodoma92:rmlint' (cached); generated: 2024-10-29T12:31:09Z solvables: 4
rpm-md repo 'copr:copr.fedorainfracloud.org:rok:cdemu' (cached); generated: 2024-10-21T13:15:21Z solvables: 23
rpm-md repo 'fedora-cisco-openh264' (cached); generated: 2024-03-11T19:22:31Z solvables: 3
rpm-md repo 'updates'; generated: 2025-01-20T03:50:05Z solvables: 18060
rpm-md repo 'fedora' (cached); generated: 2024-10-24T13:55:59Z solvables: 76624
rpm-md repo 'hardware_razer' (cached); generated: 2025-01-09T16:19:56Z solvables: 23
rpm-md repo 'updates-archive'; generated: 2025-01-20T04:11:58Z solvables: 24799
error: Packages not found: kernel-devel-6.12.8-201.bazzite.fc41.x86_64, kernel-headers-6.12.8-201.bazzite.fc41.x86_64

There is no development kernel on Bazzite, so I cannot install LiME.

bazzite@bazzite:/var/home/bazzite/LiME/src$ grep "System RAM" /proc/iomem
00000000-00000000 : System RAM
00000000-00000000 : System RAM
00000000-00000000 : System RAM
00000000-00000000 : System RAM
00000000-00000000 : System RAM
00000000-00000000 : System RAM
00000000-00000000 : System RAM
00000000-00000000 : System RAM
00000000-00000000 : System RAM
00000000-00000000 : System RAM
00000000-00000000 : System RAM

Isn't there something wrong with it? Shouldn't it be something like this?

$ grep "System RAM" /proc/iomem
00001000-0009e3ff : System RAM
00100000-cf68ffff : System RAM
100000000-12fffffff : System RAM
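An added pre-acquisition check, written by the editor and not posted by anyone in the thread, covering the two symptoms in the last post. The `make` failure comes from the Makefile's `-C /lib/modules/$(uname -r)/build` target, so the first function simply tests whether that build tree exists for a given kernel release. The all-zero `/proc/iomem` ranges are not a sign that anything is wrong: since Linux 4.6 the kernel prints `00000000-00000000` for every range unless the reader has `CAP_SYS_ADMIN`, so an unprivileged `grep` always looks like the first listing and `sudo grep "System RAM" /proc/iomem` like the second. The second function classifies a `/proc/iomem`-style file as `masked`, `real` or `none`. The sample tables below are constructed; the function and variable names are the editor's own.

```shell
#!/bin/sh
# Editor's added example: sanity checks before trying to build/run LiME.

# kmod_build_dir_present RELEASE
#   Succeeds when /lib/modules/RELEASE/build exists, i.e. the directory
#   the LiME Makefile passes to `make -C`. Missing tree == the
#   "No such file or directory" error shown in the thread.
kmod_build_dir_present() {
    [ -d "/lib/modules/$1/build" ]
}

# iomem_ram_status FILE
#   Prints "masked" if every "System RAM" range in FILE is all zeros
#   (what unprivileged readers see since Linux 4.6), "real" if at least
#   one range carries a non-zero address, "none" if no such line exists.
iomem_ram_status() {
    awk '
        /System RAM/ {
            total++
            # $1 is "start-end"; leading indentation is ignored by awk.
            split($1, r, "-")
            if (!(r[1] ~ /^0+$/ && r[2] ~ /^0+$/)) real++
        }
        END {
            if (total == 0)      print "none"
            else if (real == 0)  print "masked"
            else                 print "real"
        }
    ' "$1"
}

# Demonstration against the live system (harmless if /proc is not mounted).
if [ -r /proc/iomem ]; then
    echo "/proc/iomem read as $(id -un): $(iomem_ram_status /proc/iomem)"
fi
if kmod_build_dir_present "$(uname -r)"; then
    echo "kernel build tree present for $(uname -r): LiME can be compiled here"
else
    echo "no /lib/modules/$(uname -r)/build: LiME's make will fail as in the thread"
fi
```

Run the script once as a normal user and once under `sudo`: the status line should change from `masked` to `real`, which confirms the kernel is hiding the addresses rather than reporting an empty memory map. Only the build-tree check bears on whether LiME can be compiled; the zeroed `/proc/iomem` output is expected and does not block anything.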