honeynet's immense work at: www.honeynet.org

Yes, Tripwire or AIDE is what you need for sure.
As far as the files are concerned, mostly the files used for routine admin purposes are
changed by intruders.
If you look at major rootkits, they mostly replace the following files:

ps
ls
w
/bin/login
sshd
ssh
w
finger
netstat
lsof

and many more.

Regards
--------
Muhammad Faisal Rauf Danka

Head of GemSEC / Chief Technology Officer
Gem Internet Services (Pvt) Ltd.
web: www.gem.net.pk
Key Id: 0x784B0202
Key Fingerprint: 6F8C EDCF 6C6E 06A5 48D7 6A20 C592 484B 784B 0202


--- Mitchell Wright <[EMAIL PROTECTED]> wrote:
>What you are asking for is impossible. The exploits are discovered and
>passed around all the time...
>
>What you should consider is a file integrity assessment application. We use
>Tripwire and it is good. The docs are available from the files area on their
>sourceforge website.
>
>That, plus a well configured firewall, diligent patching, a perimeter
>watcher like snort.org and good administrative practices should keep you as
>safe as you can be.
>
>Also, check out the honeypot project. I can't remember the url off the top
>of my head, but I learned lots there. Plus linuxsecurity.com. Typing Linux
>security into google will give you a lifetime of reading.
>
>Mitchell
>
>On 10/10/02 8:34 AM, "Steve Buehler" <[EMAIL PROTECTED]> wrote:
>
>> Can anybody point me to a list or email me a list of the files on a redhat
>> system that are the files that hackers would replace if they got
>> in.  Basically, I want to be able to restore these files easily if I ever
>> need to.  If I have a list of them that I can back up, then it would be
>> easier to replace all of them instead of just searching through and trying
>> to find out if they were tampered with in the first place.
>> 
>> Thanks
>> Steve
>
>-- 
>redhat-list mailing list
>unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe
>https://listman.redhat.com/mailman/listinfo/redhat-list
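
A minimal sketch of the integrity check that Tripwire and AIDE automate, limited to the binaries named in the thread. This is an added example, not code from any poster or from either tool; `SEARCH_PATH`, the `baseline.json` default and the function names are assumptions made for illustration.

```python
import hashlib, json, os, shutil, stat, sys

# Command names from the list in the message above ("login" is /bin/login).
WATCHED = ["ps", "ls", "w", "login", "sshd", "ssh", "finger", "netstat", "lsof"]
# Assumed search path (not from the thread); adjust to the system being baselined.
SEARCH_PATH = "/bin:/sbin:/usr/bin:/usr/sbin"

def fingerprint(path):
    """Return the SHA-256 digest plus metadata a replaced binary tends to disturb."""
    st = os.stat(path)
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return {"sha256": h.hexdigest(), "size": st.st_size,
            "mode": stat.S_IMODE(st.st_mode), "uid": st.st_uid}

def build_baseline(names=WATCHED, search_path=SEARCH_PATH):
    """Map each watched command that resolves to its real path and fingerprint."""
    baseline = {}
    for name in names:
        found = shutil.which(name, path=search_path)
        if found:
            real = os.path.realpath(found)  # follow symlinks to the actual file
            baseline[real] = fingerprint(real)
    return baseline

def verify(baseline):
    """Return {path: [changed fields]} for files that differ or have vanished."""
    findings = {}
    for path, old in baseline.items():
        try:
            new = fingerprint(path)
        except OSError:
            findings[path] = ["missing"]
            continue
        changed = [k for k in old if old[k] != new[k]]
        if changed:
            findings[path] = changed
    return findings

if __name__ == "__main__":
    db = sys.argv[1] if len(sys.argv) > 1 else "baseline.json"
    if os.path.exists(db):  # baseline present: verify against it
        with open(db) as f:
            for path, why in verify(json.load(f)).items():
                print(f"CHANGED {path}: {', '.join(why)}")
    else:  # first run: record the baseline from a known-good system
        with open(db, "w") as f:
            json.dump(build_baseline(), f, indent=2)
```

The baseline is only trustworthy if it is taken on a known-good install and kept on read-only or offline media, and the check itself should run from trusted media, since the interpreter and libraries on a compromised host can be replaced as easily as `ps`.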
