Michael O'Donnell wrote:

If that minimal effort yields a positive result, yay! I was just pointing out that one ought not feel too comfy if a minimal effort yields a negative result.

Agreed. If chkrootkit, RPM or whatever finds what you are looking for, cool. If not, it's time to mount the drive in a remote system.


If you are wondering just how evil these kits can be, some further reading:
http://www.sans.org/resources/idfaq/knark.php

Note that knark can render MD5 and other checks useless while it's loaded in the kernel.

HTH,
C


_______________________________________________ gnhlug-discuss mailing list [EMAIL PROTECTED] http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss
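An added example (not part of the original thread) of the offline check described above: hashing files on the suspect drive from a separate analysis host, so the compromised kernel is not the one answering the reads. It assumes a baseline of known-good SHA-256 hashes taken from trusted media; the function names, paths and sample files are hypothetical and constructed for illustration.

```python
import hashlib
import os
import tempfile

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def verify_mounted_root(mount_root, baseline):
    """Check baseline {path: sha256} against files under mount_root; return non-clean entries."""
    root = os.path.realpath(mount_root)
    findings = {}
    for rel, expected in baseline.items():
        path = os.path.realpath(os.path.join(root, rel.lstrip("/")))
        if os.path.commonpath([root, path]) != root:
            # An absolute symlink on the suspect disk resolves into the
            # analysis host's own filesystem; never hash that by mistake.
            findings[rel] = "escapes mount"
        elif not os.path.isfile(path):
            findings[rel] = "missing"
        elif sha256_file(path) != expected:
            findings[rel] = "modified"
    return findings

def demo():
    # Constructed sample: a temp directory stands in for the mounted drive.
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "bin"))
        good = b"constructed ls binary\n"
        for name, data in (("ls", good), ("ps", b"tampered ps\n")):
            with open(os.path.join(root, "bin", name), "wb") as f:
                f.write(data)
        os.symlink("/bin/sh", os.path.join(root, "bin", "login"))
        baseline = {
            "/bin/ls": hashlib.sha256(good).hexdigest(),
            "/bin/ps": hashlib.sha256(b"original ps\n").hexdigest(),
            "/bin/login": hashlib.sha256(b"original login\n").hexdigest(),
            "/bin/netstat": hashlib.sha256(b"original netstat\n").hexdigest(),
        }
        return verify_mounted_root(root, baseline)

if __name__ == "__main__":
    for rel, status in sorted(demo().items()):
        print(rel, status)
```

In practice `mount_root` would be the suspect drive mounted read-only on the analysis host, and the baseline would come from install media or a backup that predates the suspected compromise.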
