[clug] chkrootkit: LKM Trojan?
jepri at webone.com.au
Thu Apr 1 00:24:05 GMT 2004
Andrew Pollock wrote:
> On Tue, Mar 30, 2004 at 01:50:02AM +1000, Pearl Louis wrote:
>>Netstat could have been compromised though.
>>nmap says that all ports are closed.
> If you run something like AIDE as well as chkrootkit as part of your
> security checking routine, you'll know if your netstat binary has been
Or you could just slap your knoppix cd into your CDROM drive, mount your
hard drive and check it, secure in the knowledge that none of your
anti-trojan tools have been tampered with.
More information about the linux