Show HN: X-RAY – A student-built tool to audit OS behavior via ISO comparison

3 points by tangtian 9 hours ago

GitHub: https://github.com/lixiasky/X-ray

I made a 3MB high-privilege system behavior auditor in Go. It compares your live Linux system to the original ISO, detects unexpected file/process changes, and can auto-eliminate anything suspicious — in real time.

It’s light enough to run on a MacBook Air (M1, Parallels VM), yet strong enough to intercept plugin installations and even kill VSCode mid-execution. Yes, that actually happened. No rootkits or malware got past it — even accidentally legit stuff didn’t survive.

The behavior chain is exported to Graphviz .dot, with full process trace. JSON/log export is still in progress (I'm learning). This is fully open source, free to fork, and made by a first-year student outside CS.

It’s not perfect — but it works. I’d love to hear what others think, break it, or build on it.
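The baseline comparison the post describes, reduced to file contents only, as an added example that is not X-RAY's own code: hash every regular file in a trusted tree and in the live tree, then report what was added, modified, or removed. The names `Manifest`, `Diff`, `isoFS` and `liveFS` and the in-memory sample trees are assumptions made for this sketch; on a real system the two arguments would be `os.DirFS` views of a mounted ISO and of the live root.

```go
package main

import (
	"crypto/sha256"
	"fmt"
	"io/fs"
	"sort"
	"testing/fstest"
)

// Manifest maps every regular file in fsys (by path) to its SHA-256 digest.
func Manifest(fsys fs.FS) (map[string][32]byte, error) {
	m := map[string][32]byte{}
	err := fs.WalkDir(fsys, ".", func(p string, d fs.DirEntry, err error) error {
		if err != nil || !d.Type().IsRegular() {
			return err // abort on walk errors; skip dirs, symlinks, devices
		}
		data, err := fs.ReadFile(fsys, p)
		m[p] = sha256.Sum256(data) // the map must not be used when err != nil
		return err
	})
	return m, err
}

// Diff lists drift of live from base: "+" added, "~" modified, "-" removed.
func Diff(base, live map[string][32]byte) (out []string) {
	for p, h := range live {
		if bh, ok := base[p]; !ok {
			out = append(out, "+ "+p)
		} else if bh != h {
			out = append(out, "~ "+p)
		}
	}
	for p := range base {
		if _, ok := live[p]; !ok {
			out = append(out, "- "+p)
		}
	}
	sort.Strings(out)
	return out
}

// Constructed sample: in-memory trees stand in for the mounted ISO and live root.
var isoFS = fstest.MapFS{"bin/sshd": {Data: []byte("v1")}, "etc/motd": {Data: []byte("hi")}}
var liveFS = fstest.MapFS{"bin/sshd": {Data: []byte("v2")}, "tmp/dropper": {Data: []byte("x")}}
func main() {
	base, _ := Manifest(isoFS) // reads from the in-memory sample cannot fail
	live, _ := Manifest(liveFS)
	fmt.Println(Diff(base, live))
}
```

A content-only diff like this flags every legitimate package update and config edit as drift, which is why an auditor that acts on it automatically needs an allowlist or a review step before removing anything.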