The approaches described in this section are approaches that could be pursued, but not necessarily approaches that have been previously conceived or pursued. Therefore, unless otherwise indicated, it should not be assumed that any of the approaches described in this section qualify as prior art merely by virtue of their inclusion in this section.
Computer products or appliances that include a combination of hardware and software elements generally execute software applications logically on top of an operating system that is loaded on computer hardware or within a virtual machine. In many cases, different levels of operating system access are available. For example, an interface such as a web user interface or a command line interface (CLI) may provide limited access that protects one or more files from modification or access. The appliance, used in a limited access state, may be warranted against problems and may be supported by a support entity such as a manufacturer of the appliance. Alternatively, an interface may provide a root shell or a full operating system shell, which provides access to files that cannot be accessed with a limited shell.
When a problem occurs with an appliance, generally the limited shell can be used to debug the problem. However, some problems may require root access. Therefore, when a consumer contacts a support entity for debugging an appliance, the support entity may provide the consumer with root access for a limited time period to facilitate fixing the problem, but may wish to prevent access after the limited time period has ended. For example, the consumer may be informed how to download a root patch for the appliance. Root access is not provided indefinitely because, for example, modifications with root access may create problems not intended to be supported by the support entity.
However, during the limited time period of root access provided to the consumer, the consumer may create additional back door root access routes and use them after the limited time period for root access allowed by the support entity has expired. Further, with operating systems such as Linux, once a user has gained full Linux shell access, the user can create a root shell back door, then install and run software that the computer was never intended to support. The user may be able to change kernel parameters, database parameters, and other configuration values that were never intended to be covered by a support agreement.
One approach might be to generate a hash value based on a binary image of an operating system and applications in memory of an appliance or computer. However, this approach is too time-consuming when the binary image is large. For example, some appliances may have images that are 250 Gb or more in size, and generating a hash value based on such a large image is expected to take too long to provide for practical verification at the time of a support call.