On Thu, 23 May 2002 20:52:38 -0700 James <[EMAIL PROTECTED]> wrote:

> As a routine, there is a program called chkrootkit available at
> http://www.chkrootkit.org/ It does a check for known rootkits, lastlog
> deletions, strings replacement and more. Right now the list of
> rootkits/worms is about 30, so it's a pretty current program. Like
> anything else it's not a cure-all, but every tool helps and it runs
> fast. I've got it on a daily cron job on mine.
>
> James

Oops, one point I forgot: if you are going to use it, use the -q (quiet,
only outputs if a problem) and then copy these files (from a known good
source) into a hidden directory: egrep, find, head, id, ls, netstat, ps,
strings, sed, uname, awk, cut, echo and ps, and use the -p option to tell
it to use only these files. That way it doesn't use ones that may be
compromised already.

James

> On Thu, 23 May 2002 17:50:37 -0600
> FemmeFatale <[EMAIL PROTECTED]> wrote:
>
> > [EMAIL PROTECTED] wrote:
> >
> > > >>
> > > I can't address the rest but I do know some stuff about cracking
> > > *don't ask, and if you must ask do so pvtly*. I know that the
> > > first utils a cracker will replace/redo/delete/alter are:
> > >
> > > ps/ls/time/cp/rm
> > >
> > > those are fairly standard, and yes generating phony logs isn't
> > > hard. Rootkits are widely available to do so with. Need proof,
> > > I'll get you URLs pvtly.
> > >
> > > If you want some decent info on this subject with a very legal
> > > bent, try www.sec33.com.
> > > --
> > > Femme
> > > >>
> > >
> > > Add netstat to the short list of favorite utilities to change.
> > > I have also, unfortunately (!) gathered some first-hand info
> > > about the techniques used... I will check my crucial binaries
> > > against the CD ones tonight, it may be that the md5sums I have
> > > were done on already-compromised binaries...
> > >
> > > Thanks for your time,
> > >
> > > Serge Pineault
> > >
> >
> > *nods* Ty I did forget that one. I hope you haven't been hacked, and
> > doubt it highly in fact.
> >
> > However in case you have been you have my sympathies & may wish to
> > check that site I mentioned as it has tons of info on security too.
> >
> > --
> > Femme
> >
> > Good Decisions Your Boss Made:
> >
> > "We'll do as you suggest and go with Linux. I've always liked that
> > character from Peanuts."
> >
> > - Source: Dilbert
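
The staging step described in the message above, as an added example that is not part of the original thread and not chkrootkit's own code: it copies the listed tools from a known-good tree into a private directory and reports which live copies differ from them. The function names and all paths are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Tool list is the one given in the message.
TOOLS="awk cut echo egrep find head id ls netstat ps sed strings uname"

# stage_trusted_tools SRC_ROOT DEST
# SRC_ROOT: root of a known-good file tree (assumption: e.g. a rescue system
# or packages extracted from original media). DEST: private staging directory.
stage_trusted_tools() {
    src=$1; dest=$2
    mkdir -p "$dest" && chmod 700 "$dest" || return 1
    for t in $TOOLS; do
        for d in bin sbin usr/bin usr/sbin; do
            if [ -f "$src/$d/$t" ]; then
                cp -p "$src/$d/$t" "$dest/$t"
                break
            fi
        done
    done
}

# differing_tools TRUSTED_DIR LIVE_DIR...
# Byte-compares each staged tool with the first copy found in the live
# directories. Prints "DIFFERS <path>" or "MISSING <tool>"; silent if clean.
# On a suspect host, cmp itself should be run from trusted media.
differing_tools() {
    trusted=$1; shift
    for t in $TOOLS; do
        [ -f "$trusted/$t" ] || continue
        live=""
        for d in "$@"; do
            if [ -f "$d/$t" ]; then live="$d/$t"; break; fi
        done
        if [ -z "$live" ]; then
            echo "MISSING $t"
        elif ! cmp -s "$trusted/$t" "$live"; then
            echo "DIFFERS $live"
        fi
    done
}

# Usage (all paths are assumptions):
#   stage_trusted_tools /mnt/known-good /root/.trusted
#   differing_tools /root/.trusted /bin /sbin /usr/bin /usr/sbin
#   chkrootkit -q -p /root/.trusted
```

A DIFFERS line also appears when a package has been legitimately updated since the known-good copy was taken, so the trusted tree has to match the installed versions before a mismatch means anything.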
