[clug] chkrootkit: LKM Trojan?
simon at sibern.com.au
Thu Apr 1 20:09:05 GMT 2004
Andrew Pollock wrote:
>On Tue, Mar 30, 2004 at 01:50:02AM +1000, Pearl Louis wrote:
>>Netstat could have been compromised though.
>>nmap says that all ports are closed.
>If you run something like AIDE as well as chkrootkit as part of your
>security checking routine, you'll know if your netstat binary has been
I find that tripwire (http://www.tripwire.org/) is also very good.
More information about the linux