Show HN: X-RAY – a student-built tool that audits OS behavior by comparing it against the ISO

2 points | by tangtian | 9 months ago
GitHub: https://github.com/lixiasky/X-ray

I made a 3MB high-privilege system behavior auditor in Go. It compares your live Linux system to the original ISO, detects unexpected file/process changes, and can auto-eliminate anything suspicious — in real time.

It’s light enough to run on a MacBook Air (M1, Parallels VM), yet strong enough to intercept plugin installations and even kill VSCode mid-execution. Yes, that actually happened. No rootkits or malware got past it — even accidentally legit stuff didn’t survive.

The behavior chain is exported to Graphviz .dot, with full process trace. JSON/log export is still in progress (I'm learning). This is fully open source, free to fork, and made by a first-year student outside CS.

It’s not perfect — but it works. I’d love to hear what others think, break it, or build on it.
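The core idea in the post, comparing a live root against the pristine ISO to spot files that were added, modified or removed, as an added illustration in Go. This is not X-ray's own code: it hashes every regular file in two `fs.FS` trees (in a real run, `os.DirFS` of the mounted ISO and `os.DirFS("/")` are the assumed inputs; here constructed in-memory trees stand in for them) and labels the drift between the two manifests.

```go
package main
import (
	"crypto/sha256"
	"fmt"
	"io/fs"
	"testing/fstest"
)
type Manifest map[string]string // path in the tree -> hex SHA-256 of contents

// BuildManifest hashes every regular file in fsys (ISO tree or live root, both assumed inputs).
func BuildManifest(fsys fs.FS) (Manifest, error) {
	m := Manifest{}
	err := fs.WalkDir(fsys, ".", func(p string, d fs.DirEntry, err error) error {
		if err != nil || !d.Type().IsRegular() {
			return err // propagate walk errors, skip dirs/symlinks/devices
		}
		data, err := fs.ReadFile(fsys, p)
		if err == nil {
			m[p] = fmt.Sprintf("%x", sha256.Sum256(data))
		}
		return err
	})
	return m, err
}

// Compare labels each path that drifted from the baseline: "added" (absent on the ISO), "modified" or "removed".
func Compare(baseline, live Manifest) map[string]string {
	changes := map[string]string{}
	for p, h := range live {
		if bh, ok := baseline[p]; !ok {
			changes[p] = "added"
		} else if bh != h {
			changes[p] = "modified"
		}
	}
	for p := range baseline {
		if _, ok := live[p]; !ok {
			changes[p] = "removed"
		}
	}
	return changes
}

func main() {
	// Constructed in-memory trees stand in for the mounted ISO and the live root.
	iso := fstest.MapFS{"usr/bin/ls": {Data: []byte("ls v1")}, "etc/motd": {Data: []byte("hi")}}
	live := fstest.MapFS{"usr/bin/ls": {Data: []byte("ls v1 patched")}, "usr/lib/x.so": {Data: []byte("new")}}
	b, _ := BuildManifest(iso)
	l, _ := BuildManifest(live)
	fmt.Println(Compare(b, l)) // map[etc/motd:removed usr/bin/ls:modified usr/lib/x.so:added]
}
```

A real auditor would also need an allowlist for paths the OS legitimately changes after install (logs, package databases, machine-specific config), otherwise the "modified" bucket drowns out real drift.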