Re: check for root kit
On Tuesday 23 April 2002 07:31 am, Rory Campbell-Lange wrote:
> There is a very small possibility that someone has intruded into our
> network. I would like to test my 3 woody machines for possible root
> kits. What is the best way of doing this? Should I check the md5sum of
> programs such as find, ps and ifconfig against the packaged versions?
>
> Also, is there any way of checking for a kernel module type root kit?
>
i understand that you probably want to keep info about the potential
compromise to yourself, right now, but a consequence of your reticence in
offering detail is that you haven't given us a lot to work with. can you
share with us the reason for your suspicion? how the possible compromise was
achieved is always a big clue towards appropriate defense.
ben
--
To UNSUBSCRIBE, email to debian-user-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: