[clug] chkrootkit: LKM Trojan?

Jepri jepri at webone.com.au
Thu Apr 1 00:24:05 GMT 2004

Andrew Pollock wrote:
> On Tue, Mar 30, 2004 at 01:50:02AM +1000, Pearl Louis wrote:
>>Netstat could have been compromised though.
>>nmap says that all ports are closed.
> If you run something like AIDE as well as chkrootkit as part of your
> security checking routine, you'll know if your netstat binary has been
> compromised.

Or you could just slap your Knoppix CD into your CD-ROM drive, mount your 
hard drive and check it, secure in the knowledge that none of your 
anti-trojan tools have been tampered with.
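
The two suggestions in this thread combine naturally: a checksum baseline in the spirit of AIDE, verified from the live CD so that the hashing tool itself is trusted. The sketch below is an added example, not part of the original post; the function name `verify_offline`, the mount point and the manifest layout (sha256sum output with absolute paths, stored off the machine) are assumptions.

```shell
#!/bin/sh
# Added example: verify binaries on a suspect disk from a trusted live CD.
# Assumed setup (not from the post): the suspect root is mounted read-only,
# e.g.  mount -o ro,noexec,nodev <suspect-partition> /mnt/suspect
# and the manifest was made with sha256sum while the system was known good.

# verify_offline ROOT MANIFEST
# Prints one line per problem; returns 0 if everything matches, 1 otherwise.
verify_offline() {
    root=${1%/}
    manifest=$2
    status=0
    while read -r want path; do
        [ -n "$path" ] || continue
        path=${path#\*}              # drop sha256sum's binary-mode marker
        target="$root$path"
        if [ -L "$target" ]; then
            # An absolute symlink would resolve against the live system,
            # not the suspect disk, so report it instead of following it.
            echo "SYMLINK  $path"
            status=1
        elif [ ! -f "$target" ]; then
            echo "MISSING  $path"
            status=1
        else
            # This sha256sum is the live CD's copy, not the suspect disk's.
            got=$(sha256sum "$target" | cut -d' ' -f1)
            if [ "$got" != "$want" ]; then
                echo "CHANGED  $path"
                status=1
            fi
        fi
    done < "$manifest"
    return $status
}

# Stand-alone use: sh verify.sh /mnt/suspect /media/usb/baseline.sha256
if [ "$#" -eq 2 ]; then
    verify_offline "$1" "$2"
fi
```

chkrootkit can be pointed at the same mount with its `-r` option, which makes it treat the given directory as the root directory.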
