[clug] chkrootkit: LKM Trojan?
Simon Haddon
simon at sibern.com.au
Thu Apr 1 20:09:05 GMT 2004
Andrew Pollock wrote:
>On Tue, Mar 30, 2004 at 01:50:02AM +1000, Pearl Louis wrote:
>
>
>>Netstat could have been compromised though.
>>nmap says that all ports are closed.
>>
>>
>
>If you run something like AIDE as well as chkrootkit as part of your
>security checking routine, you'll know if your netstat binary has been
>compromised.
>
>regards
>
>Andrew
>
>
I find that tripwire (http://www.tripwire.org/) is also very good.
More information about the linux
mailing list