On 08/09/16 23:57, Paul Robert Marino wrote:
> This thread raises some interesting points, but I've seen a few
> misconceptions in it too
>
> first let me clear up the misconceptions.
> 1) busy box is meant to make the footprint on an appliance or live
> "CD" type distro smaller it is not for securi
This thread raises some interesting points, but I've seen a few
misconceptions in it too.
First let me clear up the misconceptions.
1) busybox is meant to make the footprint on an appliance or live
"CD" type distro smaller; it is not for security. Rootkits that replace
busy box have been seen in the
Hi Steven J. Yellin!
On 2016.09.07 at 19:03:32 -0700, Steven J. Yellin wrote next:
> Are rpm and the check sum tools statically linked? If not, hiding
> copies of them might not help if libraries have been compromised. But
> busybox is statically linked, and it looks like it can be easily
Hi jdow!
On 2016.09.07 at 19:18:32 -0700, jdow wrote next:
> Is the part of the filesystem which handles links in kernel space or user
> space? That would make a great deal of difference as this rootkit tool
In kernel (except for soft links, for them it's partially in user space,
kind of, appli
unt of
/ and /usr is still your best bet, even Red Hat products like RHEV use that
method on appliances.
Original Message
From: jdow
Sent: Wednesday, September 7, 2016 19:09
To: scientific-linux-users@fnal.gov
Subject: Re: Re: Regarding latest Linux level 3 rootkits
Thanks Vladimir,
I suppose I could pull the necessary files from busybox as a means of keeping a
more generic Linux system in security
Thanks Vladimir,
I suppose I could pull the necessary files from busybox as a means of keeping a
more generic Linux system in security trim. This might be a useful tool set to
suggest upstream. A statically linked less would allow a quick check for the
hidden user. A statically linked chkrootk
Hi jdow!
On 2016.09.06 at 23:15:04 -0700, jdow wrote next:
> Is there any source for a VI, VIM, or even EMACS that has all libraries
> compiled into it statically? That would make monitoring for the rootkit much
> easier. The same could be said for utilities such as chkrootkit. With
> compiled i
Is there any source for a VI, VIM, or even EMACS that has all libraries compiled
into it statically? That would make monitoring for the rootkit much easier. The
same could be said for utilities such as chkrootkit. With compiled in static
libraries these level three (user space) rootkits can't ed
11 matches