Hello all,

After spending some time on google.com, I decided to ask it here.

Do you know of any RPM-aware rootkits for Linux which will not be detected by "rpm --verify"? I would prefer a direct edit of /var/lib/rpm rather than a trojaned rpm binary, but what the heck - whatever will do. I need to deploy something on Linux which will pass the "rpm -V", but will involve replacing some binaries. I can rebuild the stuff from source RPMs, recreate the package and then replace the stock RPM, but it is too messy (GPG sig will be different, but that will hopefully be OK for the honeypot).

Thanks a lot for responses!

Best regards,
--
Anton A. Chuvakin, Ph.D.
http://www.chuvakin.org
http://www.info-secure.org