Re: check for root kit
On Tue, 2002-04-23 at 22:31, Rory Campbell-Lange wrote:
> There is a very small possibility that someone has intruded into our
> network. I would like to test my 3 woody machines for possible root
> kits. What is the best way of doing this? Should I check the md5sum of
> programs such as find, ps and ifconfig against the packaged versions?
Thats always a good idea. Make sure your md5sum is not a trojan. Put a
trusted md5sum onto a floppy, write protect it and use that.
> Also, is there any way of checking for a kernel module type root kit?
Theres a number of programmes that do this. Eg.
Theres one called chrootkit, or something similar that checks for kernel
modules. I forget where it is though.
To UNSUBSCRIBE, email to firstname.lastname@example.org
with a subject of "unsubscribe". Trouble? Contact email@example.com