Transcall provides a VM shadow, which runs IDSes offloaded to another VM without any modification. It emulates system calls issued by IDSes and returns information on the operating system of the monitored VM. Also, it provides the same file systems with the monitored VM, including the proc file system. For security, it provides IDS executables, libraries, and configuration files from the VM running the IDSes. Currently, a VM shadow can run chkrootkit, Tripwire, etc.




Source Code



  • kourai _at_