[clug] chkrootkit: LKM Trojan?
Tomasz Ciolek
tmc at dreamcraft.com.au
Thu Apr 1 20:17:20 GMT 2004
I have a Samhain setup myself...
TMC
On Fri, Apr 02, 2004 at 06:09:05AM +1000, Simon Haddon wrote:
> Andrew Pollock wrote:
>
> >On Tue, Mar 30, 2004 at 01:50:02AM +1000, Pearl Louis wrote:
> >
> >
> >>Netstat could have been compromised though.
> >>nmap says that all ports are closed.
> >>
> >>
> >
> >If you run something like AIDE as well as chkrootkit as part of your
> >security checking routine, you'll know if your netstat binary has been
> >compromised.
> >
> >regards
> >
> >Andrew
> >
> >
> I find that tripwire (http://www.tripwire.org/) is also very good.
--
Tomasz M. Ciolek
*******************************************************************************
tmc at dreamcraft dot com dot au or tmc at goldweb dot com dot au
*******************************************************************************
GPG Key ID: 0x41C4C2F0 Key available on www.pgp.net
*******************************************************************************
Everything falls under the law of change;
Like a dream, a phantom, a bubble, a shadow,
like dew of flash of lightning.
You should contemplate like this.
More information about the linux
mailing list