LinuxQuestions.org
Old 10-01-2007, 02:30 PM   #1
nikhil86
LQ Newbie
 
Registered: Apr 2007
Posts: 17

Rep: Reputation: 0
modifying the kernel to perform integrity checking on files


Hi!
I'm a computer engineering student from Mumbai, India.
As part of my last year's curriculum, I have to do a small project with 2 of my friends.
My project topic is "System Authentication and Secure Application Loading on Linux"...it's a file-integrity checker system, similar to Tripwire, only ours will be a much toned-down version...

Now, we've started with the Application authentication part first, as we feel it is easier.
The main idea here is this: whenever the filesystem searches for a file to open it, we want it to perform a small check on it. We want to perform a SHA hash on the file, and compare it against an already existing hash which we have stored in a small database.

We thought of using dbm instead of a full-fledged database at this stage in our project. Also, the database is supposed to contain only a token number of files; we're not authenticating all the files on the system.

We've been programming in C, and as of now, we have done the following:
Given any file as a command-line argument, a program computes a SHA and tests it against a dbm database. It returns a boolean as to whether the file is authentic or not, and makes a suitable syslog entry.
What we would like to know is, how can we modify the kernel source, so that whenever the file-system is about to open a file, it first calls our program; this way we have a means of knowing if a file is authentic or not before it actually executes.

I'm completely overwhelmed by the kernel source, as there are so many files and directories. Still, I've found some files which could possibly be the right ones to modify. Please tell me if they are correct, and if not, which one is the file to modify?
/usr/src/linux-2.4.20-8/fs/open.c
/usr/src/linux-2.4.20-8/fs/read_write.c
/usr/src/linux-2.4.20-8/fs/filesystems.c

Please help.
Thank you,
Nikhil.
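An added example, not the poster's own code, of the user-space checker this post describes: hash the file, look its path up in a dbm database of known-good digests, compare, and log the verdict. It is written in Python so that the standard-library dbm and hashlib modules stand in for the C dbm and SHA calls; DB_PATH, the logger name and the log messages are assumptions. It goes slightly beyond the post by treating an unregistered file as not authentic and comparing digests in constant time.

```python
import dbm
import hashlib
import hmac
import logging
import os
import sys

# Constructed default; the real database location is a deployment choice.
DB_PATH = "integrity.db"
# Attach a logging.handlers.SysLogHandler to this logger to reach syslog.
log = logging.getLogger("integrity-check")

def sha256_of_file(path):
    """Hash the file in chunks so large binaries need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()

def register(path, db_path=DB_PATH):
    """Record the current digest as the trusted baseline; run once on a known-clean system."""
    with dbm.open(db_path, "c") as db:
        db[os.path.abspath(path)] = sha256_of_file(path)

def is_authentic(path, db_path=DB_PATH):
    """True only if the file has a baseline entry and its current digest matches it."""
    key = os.path.abspath(path)
    with dbm.open(db_path, "r") as db:
        expected = db.get(key)  # bytes, or None if the file was never registered
    if expected is None:
        log.warning("no baseline for %s; treating as not authentic", path)
        return False
    actual = sha256_of_file(path).encode()
    ok = hmac.compare_digest(expected, actual)  # constant-time compare of the digests
    (log.info if ok else log.error)("%s integrity %s", path, "OK" if ok else "MISMATCH")
    return ok

if __name__ == "__main__":
    # usage: python check.py <file>  -> exit status 0 when authentic, 1 otherwise
    logging.basicConfig(level=logging.INFO)
    sys.exit(0 if is_authentic(sys.argv[1]) else 1)
```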
 
Old 10-01-2007, 09:13 PM   #2
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380
Moved to Programming. I'm leaving a permanent redirect here, though. Good luck!
 
Old 10-01-2007, 09:59 PM   #3
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 10,691
Blog Entries: 4

Rep: Reputation: 3947
I'm not going to try to offer a complete answer here. Rather, I'd like to point you to the most-basic refuge of the engineering practitioner... research of the present state-of-the-art.

"How did Microsoft do it, when they engineered 'Authenticode?'"

"How did the United States Department of Defense do it, when they explored 'SELinux?'"

When you are a student, it is very easy to imagine that you are the first group of people who have ever considered a particular problem. (It is especially easy to think that way when you've just been given an important homework assignment!) But the simple reality is that ... you aren't.

... and that's the most important lesson of all!

No matter who you are, when you are, or where you are, you are not "the first!"

"Dictum Ne Agas: Do not do a thing already done."

A great deal of "original" research actually consists of discovering, and then assimilating and somehow 'making your own,' what has already 'been done.'

Google is a marvelous thing, indeed. (And, BTW, if you suppose that I am making a joke at your expense, you are mistaken. )

Last edited by sundialsvcs; 10-01-2007 at 10:00 PM.
 
Old 10-02-2007, 12:47 PM   #4
nikhil86
LQ Newbie
 
Registered: Apr 2007
Posts: 17

Original Poster
Rep: Reputation: 0
point noted.
I've already downloaded the latest kernel I could find, namely the 2.6.22.9.....I'll go through that first....
I'll post again later.....
Thanks for your help.
Nikhil.
 
Old 10-02-2007, 12:48 PM   #5
nikhil86
LQ Newbie
 
Registered: Apr 2007
Posts: 17

Original Poster
Rep: Reputation: 0
Thank you also, moderator.
 