[clug] chkrootkit: LKM Trojan?
David Gibson
david at gibson.dropbear.id.au
Fri Apr 2 00:26:19 GMT 2004
On Fri, Apr 02, 2004 at 06:09:05AM +1000, Simon Haddon wrote:
> Andrew Pollock wrote:
>
> >On Tue, Mar 30, 2004 at 01:50:02AM +1000, Pearl Louis wrote:
> >
> >
> >>Netstat could have been compromised though.
> >>nmap says that all ports are closed.
> >>
> >>
> >
> >If you run something like AIDE as well as chkrootkit as part of your
> >security checking routine, you'll know if your netstat binary has been
> >compromised.
> >
> >regards
> >
> >Andrew
> >
> >
> I find that tripwire (http://www.tripwire.org/) is also very good.
AIDE is, in fact, a free clone of tripwire. I think Tripwire is free
software these days, but it used not to be.
--
David Gibson | For every complex problem there is a
david AT gibson.dropbear.id.au | solution which is simple, neat and
| wrong.
http://www.ozlabs.org/people/dgibson
More information about the linux
mailing list