> I am developing a small host integrity scanner / checker, to hunt
> rootkits and trojans. Of course, I need to add more methods /
> techniques to detect. I am currently hashing out important files like
> kernel, /boot dir and System.map files. Is there any other possible
> way to code it better and any other suggestion would be really helpful
> in my coding.

Don't reinvent the wheel -- just use Tripwire.

http://sourceforge.net/projects/tripwire/ for the open source version, or
http://www.tripwire.com/products/ for the commercial version if you need
something beefier. Based on what you've said in your message, it sounds
like the open source version will work just fine.

Cheers,
Terry
