[clug] chkrootkit: LKM Trojan?
Jepri
jepri at webone.com.au
Thu Apr 1 00:24:05 GMT 2004
Andrew Pollock wrote:
> On Tue, Mar 30, 2004 at 01:50:02AM +1000, Pearl Louis wrote:
>
>>Netstat could have been compromised though.
>>nmap says that all ports are closed.
>
>
> If you run something like AIDE as well as chkrootkit as part of your
> security checking routine, you'll know if your netstat binary has been
> compromised.
Or you could just slap your knoppix cd into your CDROM drive, mount your
hard drive and check it, secure in the knowledge that none of your
anti-trojan tools have been tampered with.
More information about the linux
mailing list