Re: check for root kit

To: Debian User List <debian-user@lists.debian.org>
Subject: Re: check for root kit
From: Crispin Wellington <crispin@aeonline.net>
Date: 17 Apr 2002 12:51:34 +0800
Message-id: <[🔎] 1019019096.904.23.camel@water>
In-reply-to: <[🔎] 20020423143105.GA5198@campbell-lange.net>
References: <[🔎] 20020423143105.GA5198@campbell-lange.net>

On Tue, 2002-04-23 at 22:31, Rory Campbell-Lange wrote:
> There is a very small possibility that someone has intruded into our
> network. I would like to test my 3 woody machines for possible root
> kits. What is the best way of doing this? Should I check the md5sum of
> programs such as find, ps and ifconfig against the packaged versions?

Thats always a good idea. Make sure your md5sum is not a trojan. Put a
trusted md5sum onto a floppy, write protect it and use that.

> Also, is there any way of checking for a kernel module type root kit?

Theres a number of programmes that do this. Eg.
http://sourceforge.net/projects/checkps/
Theres one called chrootkit, or something similar that checks for kernel
modules. I forget where it is though.

Kind Regards
Crispin Wellington

-- 
To UNSUBSCRIBE, email to debian-user-request@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

References:
- check for root kit
  - From: Rory Campbell-Lange <rory@campbell-lange.net>

Prev by Date: Re: How do I get off the list??
Next by Date: encrypt ISO image files
Previous by thread: check for root kit
Next by thread: Re: check for root kit
Index(es):
- Date
- Thread